Is ChatGPT Ready to Disrupt Cybersecurity?

By Anurag Gurtu, Co-Founder & CPO, StrikeReady

We’ve seen so many advancements in artificial intelligence within just a few years. ChatGPT is definitely one of the most recent ones – and a name that has been on the minds of many people. It’s essentially a chatbot that uses artificial intelligence to have a “conversation” with you. ChatGPT is one of the most advanced options of its kind and boasts over 100 million users already. If you’ve tried ChatGPT yourself, then you already know just how powerful this tool is, but did you know that it could hold the potential to disrupt the cybersecurity industry?

Data Analysis And Predictive Functionality of AI

In just a decade, the number of data breaches that happen in the US increased significantly. About 662 breaches happened every day in 2010. And by 2021, companies in the US recorded over 1000 of these breaches on a daily basis. When your company is affected by a breach, it can take a long time to recover and contain it. In fact, the average time it takes to contain these data breaches is about 80 days.

This is an important area where ChatGPT and similar technologies can be useful. The problem with these breaches is the fact that there is usually a significant amount of data that cybersecurity experts and other staff need to go through. This type of assessment is crucial to see the scope of the data breach or attack, but can take a very long time to complete.

ChatGPT can be a very valuable tool when it comes to incident response. The faster a situation is assessed, the quicker you can take appropriate action. You’ll be able to feed the data to the ChatGPT API in order to obtain assistance with the incident response. The bot can help with analyzing your system logs and configurations. This can help you identify where and how the breach happened, and also gain a better view of what data was leaked during the attack.

This is not where the help offered by ChatGPT ends, however. You’ll be able to take advantage of ChatGPT to generate scripts and prompts to strengthen the security of your network. It’s a great way to reduce the risk of another attack that leads to a breach in the future.

ChatGPT can also help you determine the potential risk of a phishing attack. This is due to its potential when it comes to analyzing data you enter into the chatbot. By simply pasting text from an email or a social media post into ChatGPT, the bot analyzes the language and writing. You’ll be able to ask ChatGPT if the text seems suspicious and could be linked to one of these phishing attacks before opening any attachments or links.

This particular factor also makes the AI technology useful in employee training programs. You can use ChatGPT to generate texts that are typically found in phishing emails, then present these examples to employees. By educating your staff on things to look out for in emails that contain susceptible attachments, you are able to further strengthen your defenses against attacks.

ChatGPT And Ethical Hackers

Not all hackers are criminals. Ethical hackers focus on helping to strengthen a company’s cybersecurity by offering simulated hacking services. The use of ethical hackers can help a company identify faults in their security systems.

ChatGPT is also a great tool for ethical hackers, as well as experts who focus on penetration testing. These hackers can use ChatGPT in order to generate messages for emails and social media posts that will be used in phishing simulations. It’s also possible to ask ChatGPT to provide step-by-step instructions on identifying vulnerabilities and to write a script that will be useful in penetration tests.

Following the testing procedures, ethical hackers can use ChatGPT to assist with writing scripts and commands that can be used after the exploitation. These scripts can then ensure the ethical hacker is able to determine how much data can be breached through the vulnerability that they discovered.

What Are The Downsides To These Technologies In Cybersecurity

The developments in AI surely offer certain benefits for cybersecurity, but we should not overlook the downsides and errors that may accompany these technologies. As we mentioned previously, the technology can assess large amounts of data and then provide predictive output or summaries.

Hackers who gain access to valuable information could also take advantage of these features. When the hackers need to scan through a large amount of data, they could turn to these software solutions in order to quickly find the information that holds the most value. By summarizing existing data that the hacker has access to, the software might also become a tool used to identify patterns that could make breaching passwords easier.

Conclusion

With several emerging technologies that use ChatGPT’s APIs and similar AI functions, many companies are trying to strengthen cybersecurity. The use of these technologies can make the process of filtering through data, summarizing reports, and even predicting attacks much easier. We looked at some of the main ways in which the tech is going to disrupt cybersecurity in the upcoming future.

About the Author

Anurag Gurtu is Co-Founder & CPO of StrikeReady. He has over 18 years of cybersecurity experience in product management, marketing, go-to-market, professional services and software development. For the past seven years, Gurtu has been deeply involved in various domains of AI, such as Natural Language Understanding/Generation and Machine Learning (Supervised/Unsupervised), which has helped him distill reality from fallacy and the resulting confusion that exists in cybersecurity with real-world applicability of this technology. Gurtu was fortunate enough to have experienced three company acquisitions (by Splunk, Tripwire and Sun Microsystems) and an early-stage startup that went public (FireEye). Gurtu holds an M.S. degree in Computer Networks from the University of Southern California and numerous cybersecurity certifications, including CISSP, CCNP Security and more.

Anurag can be reached online at LinkedIn and at our company website www.strikeready.co.