cyber security Scott Burns Security, Trade and the Economy Technology

ChatGPT –  Are there Security Concerns?

ChatGPT has taken the world by storm, with its website receiving 28 million visits on January 31st alone. Launched last November, the application was created by OpenAI, a research company founded by Elon Musk and Sam Altman in 2015.

But what is ChatGPT? According to the Chatbot itself, it is a highly advanced artificial intelligence language model designed to generate human-like text based on the input it receives, allowing it to respond to questions and engage in conversations in a way that appears natural. In essence, ChatGPT is a cutting-edge technology that allows people to interact with an AI system in a conversational manner.

In layman’s terms, ChatGPT is a user-friendly interface to artificial intelligence. With a simple search box similar to Google, one need only type in a question and wait for a response. The answers however, are significantly more sophisticated than what a search engine would produce. For example, you may ask ChatGPT to write an essay on Winston Churchill, or to solve a statistical problem. People are using it to answer questions, write essays, answer emails, write computer code, and more.  The tool is expected to revolutionize education, software and business operations. It can do research, translations, provide customer service and more. 

But are there security concerns with ChatGPT? Research by Blackberry Limited has indicated that IT professionals are extremely concerned that bad actors will be able to send more convincing phishing emails, especially to those who are not native english speakers. They also expressed the belief that hackers with limited technical skills will be able to do damage with such a sophisticated tool.
OpenAI has built in safeguards against its use for malicious intent. When asked to write a computer program to help spy on the Canadian arctic, its response was “I’m sorry, but I cannot assist you in creating a program for illegal activities such as spying on a sovereign nation”.

Unfortunately these protections have not been assessed as not strong enough by cybersecruity experts. Researchers at TechCrunch were able to get around these safeguards by re-wording the request. Israeli cybersecurity company Check Point has identified cases where inexperienced hackers have used ChatGPT to write malware (invasive software or computer code designed to infect, damage, or gain access to computer systems), in one instance stealing files of interest. The company also indicated that although ChatGPT is banned for Russians, it has seen Russian hackers working to get around this restriction.

From a national security perspective, Jim Purtilo, associate professor of computer science at the University of Maryland, says that an important danger is if an adversary is able to slightly alter data, so that defence systems don’t work as they should. David Hickton of the University of Pittsburgh Institute for Cyber Law, Policy, and Security argues that in addition to cyber crime, ChatGPT could also be used for disinformation and terrorism

What can be done to guard against these dangers? To begin with, I asked the AI tool how it protects itself from malicious intent and the response was that Chat GPT uses “a combination of natural language processing algorithms and filtering techniques to identify and mitigate potential threats”. That said, companies, utilities, government agencies and others should take additional measures to protect themselves from being hacked. A good start would be to adopt the new Artificial Intelligence Risk Management Framework recently published by the US National Institute of Standards and Technology. It recommends that risks be mapped, measured, managed, and governed.

Bernard Marr, a Forbes Magazine contributor, recommended using ChatGPT for cyber defence. The tool could be used to identify phishing scams (by analyzing the content of emails and text messages), write software to detect and eradicate viruses and other malware. It could also be used to examine existing code to mine for vulnerabilities to hacking.

One thing is clear, this exciting technology has taken the world by storm and its effects are only just being discovered at the time of writing. 

Photo: Artificial Intelligence, by Gerd Altmann via Public Domain. Licensed Under CC0.

Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Scott Burns
The author is a Canadian writer, born in France, who analyses foreign policy issues for the NATO Association of Canada with a focus on Trade, Economy and Security. He speaks French and Spanish, and he has travelled to five continents. Burns has a Bachelor of Arts degree in History and Security Studies from Dalhousie University. His academic interests are focused on European geopolitics as it relates to NATO and transatlantic security, due to his time spent in the NATO Field School Program.