A recent study has revealed that ChatGPT and similar large language models (LLMs) can be highly effective at launching cyberattacks, raising significant concerns in the cybersecurity field.
Researchers Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang tested ChatGPT-4 against 15 real-life ‘one-day’ vulnerabilities and found that it could exploit them 87% of the time. The vulnerabilities, all sourced from the CVE database, spanned vulnerable websites, container management software, and Python packages.
The study utilised a detailed prompt of 1,056 tokens, with the agent itself implemented in just 91 lines of code, including debugging and logging statements. The research team noted that ChatGPT-4’s success stemmed from its ability to handle complex, multi-step vulnerabilities and execute various attack methods. Without the CVE description, however, ChatGPT-4’s success rate plummeted to just 7%, highlighting a significant limitation.
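To give a sense of what such a scaffold might look like, here is a minimal, hypothetical sketch of an LLM agent loop in Python. The researchers did not release their actual 1,056-token prompt or 91-line agent, so nothing below comes from the paper: the names SYSTEM_PROMPT, run_in_sandbox, and exploit_agent are invented for illustration, the sandbox executor is left as a stub, and the only assumed dependency is the OpenAI chat completions client.

```python
# Illustrative sketch only -- the study's actual prompt and agent code were
# withheld by the authors; all identifiers here are hypothetical.
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

SYSTEM_PROMPT = """You are a security research agent operating in an
isolated lab environment. Plan step by step, issue one shell command
at a time, and reply DONE when the benign proof-of-concept succeeds."""

def run_in_sandbox(command: str) -> str:
    """Hypothetical stub: run a command inside an isolated VM and return
    its output. A real harness would enforce strict network isolation."""
    raise NotImplementedError("wire this to your sandbox")

def exploit_agent(cve_description: str, max_steps: int = 10) -> list[str]:
    """Loop: the model proposes a command, the sandbox executes it, and
    the output is fed back, until the model replies DONE or steps run out."""
    messages = [
        {"role": "system", "content": SYSTEM_PROMPT},
        {"role": "user", "content": f"Target advisory:\n{cve_description}"},
    ]
    transcript = []
    for _ in range(max_steps):
        reply = client.chat.completions.create(
            model="gpt-4", messages=messages
        ).choices[0].message.content
        transcript.append(reply)          # log every step, as the study's scaffold did
        if "DONE" in reply:
            break
        output = run_in_sandbox(reply)    # execute the proposed command
        messages.append({"role": "assistant", "content": reply})
        messages.append({"role": "user", "content": f"Output:\n{output}"})
    return transcript
```

The sketch also makes the study’s headline limitation concrete: the CVE description is the agent’s only source of knowledge about the target, which is consistent with the success rate collapsing from 87% to 7% when that description is withheld.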
The researchers concluded that while ChatGPT-4 currently stands out in its ability to exploit one-day vulnerabilities, the potential for LLMs to become more powerful and destructive is a major concern. They emphasised the need for the cybersecurity community and LLM providers to work together on integrating these technologies into defensive measures and on carefully considering their deployment.
Source: dig.watch