ChatGPT is a year old today but not all cybersecurity experts are celebrating
Happy birthday ChatGPT. It’s hard to process that the generative AI tool is only a year old today, considering how much impact it has had on organisations across every sector. But what about its impact on cybersecurity? What are the future implications for both defensive and offensive security teams?
To find out, TechFinitive has gauged opinions from cybersecurity experts. Not all of them feel like getting the birthday cake out.
More AI regulations to come in 2024
As we reported earlier this week, regulatory guidelines on the use of AI are still in short supply. “I think the [UK] government has been smart to balance precaution with room for innovation,” says Will Poole, Head of Incident Response at CYFOR Secure.
“With that said, next year will surely see governments and regulators continue to question aspects of AI so that businesses can benefit from the technology’s potential without unchecked risk.”
Poole also expects that “we will see legislation targeting the large, foundational AI models created by companies such as OpenAI rather than smaller, less powerful or open-source models”. This still leaves us with the smaller and readily available open-source generative AI models that will pose a risk to organisations and attract malicious actors like a magnet.
AI-enhanced phishing
According to the latest Hacker-Powered Security Report by HackerOne, just over half of the hackers questioned (53%) have started to use generative AI in some form. A notable 61% of those hackers do so specifically to find vulnerabilities in applications and services.
But there is good news. Chris Dickens, Sr Solutions Engineer at HackerOne, says that generative AI “has also become a powerful tool for [ethical hackers] to seek out vulnerabilities and protect organisations at even more speed and scale“.
Human risk security management platform CybSafe has also been doing some research. It found that some 89% of workers admitted to sharing sensitive information with generative AI tools such as ChatGPT.
Given that the same research suggests a mere 21% of people can tell the difference between human and AI-generated text, that’s a very real security issue.
The problem of dealing with those security risks can be highlighted in the finding that 69% of those asked still thought AI tools were a good thing despite the obvious security concerns.
“We’re seeing cybercrime barriers crumble, as AI crafts ever more convincing phishing lures,” says Dr Jason Nurse, CybSafe’s Director of Science and Research. “The line between real and fake is blurring, and without immediate action, companies will face unprecedented cybersecurity risks.”
How big is the risk? “33% of employees are entering sensitive data into AI on a weekly basis,” said Nurse, adding that this can lead to data leaks. “Our behaviour at work is shifting, and we are increasingly relying on generative AI tools. Understanding and managing this change is now crucial.”
NEXT UP
Why Rotterdam is a tech haven: a love letter from a startup
We reached out to Kees Wolters asking for a comment on Rotterdam as one of the best cities in Europe for tech workers – he sent us what amounted to a love letter to the city, which we decided to publish in full (with his consent), below.
Verizon and Skylo launch direct-to-device messaging using satellites
Verizon and Skylo partnered to launch a direct-to-device messaging service for customers and Internet of Things (IoT) enthusiasts.
IBM pushes for EU to make AI open and collaborative
If the EU wants to remain a global digital leader then it needs to make AI open and trusted. So says IBM in its new digital policy agenda for Europe.