A recent study has highlighted the alarming potential of ChatGPT and other large language models (LLMs) in executing cyberattacks, raising significant concerns in the cybersecurity sector.
Conducted by researchers Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang, the study tested ChatGPT-4 against 15 real-world ‘one-day’ vulnerabilities. The results were striking: the model successfully exploited these vulnerabilities 87% of the time. These vulnerabilities spanned websites, container management software, and Python packages, all sourced from the CVE database.
The study used a comprehensive prompt comprising 1,056 tokens and 91 lines of code, complete with debugging and logging statements. The researchers observed that ChatGPT-4’s effectiveness lay in its capacity to navigate complex, multi-step vulnerabilities and execute various attack strategies. However, when the CVE code was omitted, the success rate of ChatGPT-4 plummeted to a mere 7%, underscoring a significant limitation.
In their conclusion, the researchers noted that while ChatGPT-4 currently excels at exploiting one-day vulnerabilities, the potential for LLMs to become even more powerful and destructive poses a serious threat. They stressed the necessity for collaboration between the cybersecurity community and LLM providers to integrate these technologies into defensive strategies and carefully consider their deployment.
