ChatGPT-4 demonstrates powerful cyberattack capabilities
A study found ChatGPT-4 highly effective in launching cyberattacks, raising cybersecurity concerns.
A recent study has revealed that ChatGPT and similar large language models (LLMs) are highly effective in launching cyberattacks, raising significant concerns in the cybersecurity field.
Researchers Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang tested ChatGPT-4 against 15 real-life ‘one-day’ vulnerabilities, finding that it could exploit these vulnerabilities 87% of the time. These vulnerabilities included websites issues, container management software, and Python packages, all sourced from the CVE database.
The study utilised a detailed prompt with 1,056 tokens and 91 lines of code, including debugging and logging statements. The research team noted that ChatGPT-4’s success stemmed from its ability to handle complex, multi-step vulnerabilities and execute various attack methods. However, without the CVE code, ChatGPT-4’s success rate plummeted to just 7%, highlighting a significant limitation.
The researchers concluded that while ChatGPT-4 currently stands out in its ability to exploit one-day vulnerabilities, the potential for LLMs to become more powerful and destructive is a major concern. They emphasised the importance of the cybersecurity community and LLM providers collaborating to integrate these technologies into defensive measures and carefully consider their deployment.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.