Concerns around ChatGPT and OpenAI

-

Let's level set; what are OpenAI and ChatGPT?

OpenAi 

OpenAI is an artificial intelligence research laboratory founded in December 2015 by tech luminaries such as Elon Musk, Greg Brockman, Reid Hoffman, Peter Thiel, and Sam Altman. OpenAI's mission is to promote and develop friendly artificial intelligence in a way that is most likely to benefit humanity as a whole, unconstrained by a need to generate a financial return. Its research aims to "advance digital intelligence in the way that is most likely to benefit humanity in the long term." OpenAI is associated with various activities, such as developing software applications and services powered by machine learning. 

ChatGPT

ChatGPT is a natural language processing (NLP) model developed by OpenAI. It is based on the GPT-2 natural language processing model and is designed to generate conversations in chatbot applications. The ChatGPT model is trained on conversational datasets and can generate natural-sounding responses to queries by predicting the next likely word in a conversation. It can also intelligently track topics over multiple conversation turns and has various features for customizing the generated output.

ChatGPT is an artificial intelligence chatbot designed to improve the security of instant messaging conversations by automatically responding to messages and requests with bot-generated automated responses. ChatGPT can quickly block and reject suspicious messages, reducing the risk of accidental data leakage. It can also help to keep conversations safe from malicious attacks by automatically filtering out unwanted or malicious content. By ensuring that all conversations remain secure and relevant, ChatGPT can help to improve the overall security of conversations and protect users from potential cyber threats. 

A chatbot, GPT, or the Generative Pre-trained Transformer, has recently been involved in security news due to its potential to access confidential information and other sensitive data. GPT is an artificial intelligence system that can read, write, and think like humans. This means it could be used to get protected or secret information that humans wouldn't usually be able to access. People need to know about the security risks associated with GPT, as it could threaten our privacy.

Definitely some tremendous innovation! I've found so much value in ChatGPT filling in the blanks in many areas of my day to day.

So, what are some concerns? 
An interesting article from Check Point Research reads...


OPWNAI: AI THAT CAN SAVE THE DAY OR HACK IT AWAY
Due to ChatGPT, OpenAI’s release of the new interface for its Large Language Model (LLM), there has been an explosion of interest in General AI in the media and on social networks in the last few weeks. This model is used in many applications all over the web and has been praised for its ability to generate well-written code and aid the development process. However, this new technology also brings risks. For instance, lowering the bar for code generation can help less-skilled threat actors effortlessly launch cyber-attacks.

From image generation to writing code, AI models have made tremendous progress in multiple fields, with the famous AlphaGo software beating the top professionals in the game of Go in 2016, and improved speech recognition and machine translation that brought the world virtual assistants such as Siri and Alexa that play a major role in our daily lives.

Recently, public interest in AI spiked due to the release of ChatGPT, a prototype chatbot whose “purpose is to assist with a wide range of tasks and answer questions to the best of my ability.” Unless you’ve been disconnected from social media for the last few weeks, you’ve most likely seen countless images of ChatGPT interactions, from writing poetry to answering programming questions.

However, like any technology, ChatGPT’s increased popularity also carries increased risk. For example, Twitter is replete with examples of malicious code or dialogues generated by ChatGPT. Although OpenAI has invested tremendous effort into stopping abuse of its AI, it can still be used to produce dangerous code.

To illustrate this point, we decided to use ChatGPT and another platform, OpenAI’s Codex, an AI-based system that translates natural language to code, most capable in Python but proficient in other languages. We created a full infection flow and gave ourselves the following restriction: We did not write a single line of code and instead let the AIs do all the work. We only put together the pieces of the puzzle and executed the resulting attack.

We chose to illustrate our point with a single execution flow, a phishing email with a malicious Excel file weaponized with macros that downloads a reverse shell (one of the favorites among cybercrime actors). To read more visit Check Point Research.

Summary

The expanding role of LLM and AI in the cyber world is full of opportunity but also comes with risks.  Although the code and infection flow presented in this article can be defended against using simple procedures, this is just an elementary showcase of the impact of AI research on cybersecurity. Multiple scripts can be generated quickly, with slight variations using different wordings. Complicated attack processes can also be automated, using the LLMs APIs to generate other malicious artifacts. Defenders and threat hunters should be vigilant and cautious about adopting this technology quickly; otherwise, our community will be one step behind the attackers.

Reference Links:

ChatGPT
OpenAI
Check Point Research


OpenAI Tools | Quick Cheat Sheets







Popular

Federated user activity made easy

-
Image
 Federated user activity made easy. The other day I was auditing a sandboxed account in AWS and started investigating resources connected to a federated role for a group of students that are no longer enabled on the account. I noticed a few objects that should have been elsewhere or terminated after the fact, regardless, neither here nor there. After about 30 minutes of sifting through logs, creating custom queries, and trying to put them together, I lost interest because of the time and day-to-day priorities. I felt this was a good use case for me to test out some of the functionality of CloudGuard's investigation and correlation engine within the platform and try out this voice-over platform. Enjoy - Video below: if you feel inclined to research further, visit the product page
Read more

Google Cloud: Container Registry will be replaced by Artifact Registry

-
Spoiler Alert: (you've got some time) Container Registry will be replaced by Artifact Registry. Please upgrade your projects to Artifact Registry before March 18, 2025. On March 18, 2025 , Container Registry will be replaced by Artifact Registry . We understand this change may affect your production workloads, so we've put together resources to make this transition as smooth as possible for you. What do you need to know? To retain access to your container images, please take note of these critical dates and actions you need to take related to the Container Registry shutdown: March 18, 2025: You will no longer be able to push new images to Container Registry. April 22, 2025: You will lose access to existing images in Container Registry. To maintain access, you must copy them to the Artifact Registry before this date. May 22, 2025: All requests to the gcr.io domain will be handled exclusively by Artifact Registry. Ensure the Artifact Registry...
Read more

Meet Kaniko

-
Image
So, what is kaniko? Kaniko is a tool to build container images from a Dockerfile inside a container or Kubernetes cluster. Another great callout for me is that my CI provider, GitLab makes it super easy to implement in my pipelines. Kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile entirely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. How does Kaniko work? The kaniko executor image is responsible for building an image from a Dockerfile and pushing it to a registry. Within the executor image, we extract the filesystem of the base image (the FROM image in the Dockerfile). We then execute the commands in the Dockerfile, snapshotting the filesystem in userspace after each one. After each command, we append a layer of changed files to the base image (if there are any) and update image metadata. Highly recommend visiting their  repo  ...
Read more