How ChatGPT Can Help the Cybersecurity Sector?

By   ISBuzz Staff
Editorial Team , Information Security Buzz | Dec 08, 2022 03:02 am PST

What is ChatGPT?

Since its debut last month, ChatGPT, OpenAI’s most recent innovation, has attracted more than a million users. Among its early use cases are requested to develop code, write bedtime stories, and map out new applications.

The most recent model to emerge from OpenAI’s Large Language Model GPT-3, ChatGPT, enables users to have natural language conversations with it. It can reply to a range of requests since it is instructing on a massive amount of data.

The same methods as for InstructGPT were used by OpenAI, but it additionally collected dialog data from individuals who wrote down both the AI assistants and their own parts of a conversation. These so-called “AI trainers,” as OpenAI calls them, had access to modeled suggestions that helped them formulate their responses.

ChatGPT Accuracy

It isn’t always accurate. Coding question website Stack Overflow has banned AI-generated answers due to a high volume of incorrect but plausible responses. In a statement, Stack Overflow said: “Because the average rate of getting correct answers from ChatGPT is too low, the posting of answers created by ChatGPT is substantially harmful to the site and users.”

OpenAI says the tool is still “in development” and they are making changes including training the model based on user feedback, so incorrect code and responses help improve the system if users explain where it went wrong. It is only available for beta testing and evaluation now, but it is expected OpenAI will open API access early next year. This will allow companies to develop products based on the software, which could include coding, optimization, and call center tools.

ChatGPT has the capacity to produce negative, inaccurate, and toxic content, just like all NLP models. It does not cite any type of ultimate fact authority, and its knowledge base is unique to that of the training data. It makes an effort to avoid controversial topics, yet problems can still arise. Because of this, the outputs of ChatGPT’s capabilities are limiting. by OpenAI’s Moderation API.

How Can ChatGPT Benefit the Cybersecurity Industry?

ML has emerged as a key cybersecurity technology that can improve your organization’s security while freeing up your security team’s time for other crucial activities. Cybersecurity systems can use machine learning (ML) to analyze trends and learn from them. In order to help stop assaults and react to altering behavior. Additionally, it can make cybersecurity teams more proactive in their response to ongoing threats in real-time.

Brendan Dolan-Gavitt, a computer security researcher, questioned whether he could give it instructions to create dangerous code. So he gave the model a straightforward capture-the-flag mission to complete.

The outcome was almost miraculous. The code featured a buffer overflow vulnerability, which ChatGPT correctly identified and created code to exploit. The model would have found the solution without a single flaw—the number of characters in the input—but for that.

Jeremy Richards asked ChatGPT to find the flaws in the OWASP Flask application. Three of the exploits were successful, and another would have been successful if the database had been SQLite.

Below Is Response From Our Experts

Here are a handful of the responses we can get from our professionals. Please leave a comment below with your thoughts on how you believe ChatGPT can improve cybersecurity.

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Dane.Sherrets
Dane.Sherrets , Solutions Architect
InfoSec Expert
December 12, 2022 1:36 pm

The advancements ChatGPT represents are exciting, but technology hasn’t yet developed to run entirely autonomously. For AI to function, it requires human supervision, some manual configuration and cannot always be relied upon to be run and trained upon the absolute latest data and intelligence. 

For cybersecurity use cases, that’s a problem. The threat landscape is constantly evolving, with cybercriminals continuously leveraging new attack vectors and vulnerabilities in new technologies. Year-old data can render autonomous solutions much less effective, and an over-reliance on scanning tools already leaves many businesses vulnerable to threat actors. What’s more, vulnerability reports generated by AI with “confidently wrong” false positives can add additional friction and become burdensome to security teams. 

Based on the reactions I have seen on Twitter, I think today’s ideas of how AI will replace humans in cybersecurity is perhaps a bit overhyped, while ideas of how AI will augment human capabilities in cybersecurity are underhyped.

Today we are seeing ethical hackers use existing AI to help with writing vulnerability reports, generating code samples, and identifying trends in large data sets. This is all to say that the best application for the AI of today is to help humans do more human things.

Last edited 1 month ago by Dane.Sherrets
Matt.Psencik
Matt.Psencik , Director, Endpoint Security Specialist
InfoSec Expert
December 8, 2022 12:54 pm

“ChatGPT is one of the first chatbots that has impressed me with its ability to be asked incredibly complex questions and then provide back an understandable reply. Is it free of bugs and perfect? No, but it never claimed to be, given it’s still in beta. Even once it moves to production, it will likely still not get everything right as all learning models have some flaws which poke through to individual answers.
 
  “The power I see here is the ability to rapidly get a gist of what’s going on and then be able to search a related topic to check that answer when starting from nothing. A good example from the cybersecurity side of the house is the ability to take a snippet of code (be that raw hex, assembly, or a high-level language like python or C++) and ask the bot “What does this code do?” I could spend hours taking each section of that code, searching what each keyword or flag does, and then eventually figure out what it’s doing, or I can ask ChatGPT to give me a high-level summary and then examine broken-down sections of the explanation to rapidly learn what it all does. It’s not a magical orb that gives us all the answers, but it’s akin to a group of tutors and experts in a room answering what they know about a subject in a digestible manner that allows for rapid knowledge transfer.
 
  “ChatGPT should be used as a supplemental tool on your belt but it’s only as good as the questions it’s asked, the models it was trained on, and most importantly the comprehension abilities of the brain who asked the question in the first place.”

Last edited 1 month ago by Matt.Psencik
Matt.Psencik
Matt.Psencik , Director, Endpoint Security Specialist
InfoSec Expert
December 8, 2022 11:13 am

ChatGPT is one of the first chatbots that has impressed me with its ability to be asked incredibly complex questions and then provide back an understandable reply. Is it free of bugs and perfect? No, but it never claimed to be given it’s still in beta. Even once it moves to production it will likely still not get everything right as all learning models have some flaws which poke through to individual answers. The power I see here is the ability to rapidly get a gist of what’s going on and then be able to search a related topic to check that answer when starting from nothing. A good example from the cybersecurity side of the house is the ability to take a snippet of code (be that raw hex, assembly, or a high-level language like python or C++) and ask the bot “What does this code do?”I could spend hours taking each section of that code, searching what each keyword or flag does, and then eventually figure out what it’s doing, or I can ask ChatGPT to give me a high-level summary and then examine broken-down sections of the explanation to rapidly learn what it all does. It’s not a magical orb that gives us all the answers, but it’s akin to a group of tutors and experts in a room answering what they know about a subject in a digestible manner that allows for rapid knowledge transfer. ChatGPT should be used as a supplemental tool on your belt but it’s only as good as the questions it’s asked, the models it was trained on, and most importantly the comprehension abilities of the brain who asked the question in the first place.

Last edited 1 month ago by Matt.Psencik

Recent Posts

3
0
Would love your thoughts, please comment.x
()
x