By: Alex Passett
Earlier this month, cybersecurity solutions provider Network Assured released a report covering ongoing problems attributable to OpenAI’s ChatGPT. While perhaps not out of nowhere – because as valuable as a tool like ChatGPT can be, it also comes with its mega-sized share of risks – this report still puts a ton under the microscope; phishing scams, data leaks, malware intrusions and other types of disruptive breaches in which ChatGPT was involved.(Editor’s note: My initial word choice there was originally “… in which ChatGPT was entangled.” but that would half-imply that ChatGPT, through no fault of its users or its own functionalities, got roped into a bad situation. This simply isn’t the cave, given the AI’s parameters, or often lack thereof, how it’s being abused.)
Last month, for instance, an investigation into ChatGPT was launched after users were allegedly, “being shown excerpts of other users’ ChatGPT conversations, as well as their financial information.” According to Network Assured, as many as 1.2% of ChatGPT users might’ve been compromised. (That’s still a huge number.) As Network Assured wrote, “While the bug that caused the leak was quickly fixed, the leak’s impact on credit card fraud and identity theft may not be known for months.”
In the meantime, let’s examine the month of April* (i.e. so far; we’re only halfway through it*). ChatGPT-linked security events have included:
- At Samsung (News – Alert), staff members experienced leaks of sensitive data, including source code from defective equipment and even transcripts detailing private meetings.
- There’s been a 135% increase in novel phishing attacks with highly sophisticated language generated by ChatGPT. Said language was dangerously convincing, given it matched that of the organizations affected.
- Fake browser plugins posing as ChatGPT deployed malware to more than 2,000 users.
- Scammers have utilized ChatGPT to promote fake DeFi cryptocurrency tokens.
- New scripts were also discovered; these allowed bad actors to bypass ChatGPT’s illegal content filters.
Though none of these unfortunate events spell out end-of-the-world scenarios, that doesn’t mean they aren’t serious. Real action is needed.
Thankfully, it’s not all sour cons and no sweet pros. AI-powered tools are actively being harnessed to detect and prevent cyberwarfare. Nevertheless, the bulk of responsibility shouldn’t rest on the shoulders of users (and cybersecurity provisioners) alone.
Network Assured’s full report (with charts and specific breakdowns) can be read here.
Edited by Greg Tavarez