While large language models (LLMs) like ChatGPT are revolutionary, they pose a security risk, senior U.S. officials and cybersecurity experts said at the recent RSA Conference 2023.
During the 32nd International RSA Conference, which ran from Monday to Thursday, officials from the Cybersecurity & Infrastructure Agency (CISA) and the National Security Agency (NSA) joined industry experts to discuss the potential benefits and risks of AI systems for cybersecurity.
Cybersecurity experts warned that despite safety measures, AI tools like ChatGPT can be used to create sophisticated malware and facilitate online scams. On the other hand, they can also be used to create highly effective AI-powered security solutions.
Eric Goldstein, the executive assistant director for cybersecurity at CISA, said companies that are deploying the latest AI models may be exposing themselves to risks as there’s much we still don’t know about these systems. CISA is currently studying the positive and negative ways AI systems can be used and will recommend best practices for AI deployment, he said.
The Threat to AI Companies
Morgan Adamski, chief of the NSA’s Cybersecurity Collaboration Center, warned that AI companies could start facing persistent threats like other companies that produce key technologies.
“Without a doubt, I think that you’ll see a persistent threat against AI companies in a way that we’ve seen with other technologies,” Adamski said, adding that it’s also important to protect the supply chain of AI companies.
Rob Joyce, director of the NSA’s cybersecurity directorate, said intellectual property (IP) improvements in the AI field could be targeted, and companies need to worry about protecting them. The surge in the deployment of generative models could create more risks, he added.
China-based hackers and other foreign threat actors could be looking to steal AI-related IP, Joyce noted, explaining that it has both economic and military value.
“We are seeing it in their foreign investment decisions where they are no longer going after the bricks and mortar assets, but now the assets that they are going after are data sets, algorithms, and software,” US Deputy Attorney General Lisa Monaco said at an RSA panel.
How Cybercriminals Can Leverage AI Technology
Stephen Sims, the curriculum lead for SANS Offensive Operations, explained how he tricked ChatGPT into writing ransomware and deciphering a Bitcoin wallet in the process.
Unlike its predecessors, ChatGPT-4 is more resistant to attempts to get it to write malicious code. However, Sims found that by rewording his prompt and breaking up the process, he could get ChatGPT-4 to write the “first part” of a ransomware code. Malwarebytes Labs was also able to do this last month.
These are just a few ways cybercriminals can leverage AI technology. In March, Europol released a report exploring the various ways cybercriminals can exploit large language models like ChatGPT for criminal purposes.
“We are seeing this collision of geopolitical threats and technology risk colliding probably at a pace faster than at any time at least in my lifetime,” CISA ex-director Chris Krebs said during a panel discussion at the RSA Conference 2023.
Many countries have banned or restricted access to ChatGPT due to privacy fears and other concerns. If ChatGPT is not available in your country or region, refer to our guide to accessing ChatGPT from anywhere to learn how to go circumvent these restrictions.
