# 3 Ways ChatGPT Will Change Infosec in 2023
Source URL:     https://www.darkreading.com/vulnerabilities-threats/3-ways-chatgpt-will-change-infosec-in-2023
Date:           20230127T1500

ChatGPT took the world by storm after OpenAI opened it for testing on
Nov. 30, 2022. For an industry calloused by years of largely
unsatisfying AI and machine learning "innovations," the reactions have
been quite telling. Like many who are excited by its potential, I
believe this is finally the moment of clarity for how truly
revolutionary AI can be for information security.

It's also quite sobering, as there are already countless examples of how
it changes the game for black hats of all stripes. In one of the first
proofs-of-concept, NYU professor [Brendan Dolan-Gavitt][1] used ChatGPT
to exploit a buffer overflow vulnerability. Other examples include
writing malware with lightning speed and crafting convincing,
grammatically correct [phishing emails][2].

The [weaponization of AI][3] within cybersecurity is not new, but what
excites me the most about ChatGPT is its potential for closing
information security's biggest gap: the lack of sufficient talent, in
both breadth and depth of cybersecurity skills (i.e., specializations).
To illustrate this further, here are three ways ChatGPT will change
infosec in 2023.

## Advancing Crowdsourced Threat Intelligence

For quite some time, one of the industry's holy grails has been
successfully crowdsourcing [threat intelligence][4]. The promise stems
from the ability to see what's happening across a wide swath of
companies within a single vertical industry. Unfortunately, the greatest
impediment has been the lack of trust between organizations to share the
intelligence.

This is the problem that the array of ISACs across industries have been
trying to solve — with mixed results. Going forward, an information
sharing and analysis center (ISAC) could take an iteration of the
ChatGPT model with its natural language interface and feed it log data
submitted by ISAC constituents, based on implicit trust within the
group. The ISAC could then use ChatGPT to correlate network connections,
categories of malicious IP addresses and domains, and similar behaviors.
The results could produce a set of IDS rules that the ISAC constituents
should implement to protect themselves from threats. The ISAC also would
gain insight into the overall risk posture of the industry it
represents.

## Doing More With Existing Resources

The uncertain economy is putting pressure on security organizations to
implement hiring freezes to squeeze more productivity out of existing
resources. ChatGPT can be extremely beneficial here as a force
multiplier that enables one analyst to do the job of multiple people.

Generalists and entry-level staff can describe what they are seeing in
alerts and detections, and then ask ChatGPT to decipher their
observations to jumpstart the triage process. A specific example is
helping with practitioners' daily de-obfuscation of suspected malicious
code, which typically takes an hour or more. It now can be [performed in
seconds][5].

ChatGPT also has the potential to transform [incident response][6]. A
team can use the existing model and natural language processing to feed
all available data about an incident and describe the rationale for a
potential response. ChatGPT could then immediately prove or disprove a
theory about a compromise. Today, that involves several days of work by
an incident response lead, an engineer, and several analysts to fully
resolve an incident. I can foresee a future where the process doesn't
need an analyst at all.

## Taking the Malware Cat-and-Mouse Game to a New Level

Today, adversaries generate 100 million new malware samples per year.
Because they all require manual coding, it is still a finite, manageable
amount for signature detection. With ChatGPT, however, a hacker can say,
"Here's what I'm trying to do, and here's the OS I'm trying to do it
on," and it can generate hundreds of thousands of iterations of one
piece of malware.

This will mean that the detection engines' ML models must be recomputed
faster. It's far more complicated, because they're working against a
much larger data set. Fortunately, ChatGPT will supercharge the reverse-
engineering process and give anti-malware efforts a fighting chance.

For instance, a significant reverse engineering challenge is working
with a generic file name, which doesn't provide necessary context about
where it was found. This requires much more manual work to identify the
system for which it was built. There are minor changes in binary
assembly that have marked changes on the end result — e.g., was it
written for a 32-bit or 64-bit architecture? Is the system using Little
Endian or Big Endian? The answers determine the direction in which you
read the machine language (forward or backward).

All these efforts require trial and error if you have no context.
ChatGPT can run through these iterations at blazing speed and give
reverse engineers the final assembly language and process it from there.
They can take it further and have ChatGPT tell them what it thinks the
application is doing — in natural language. More importantly, ChatGPT
could do all of this at scale, analyzing hundreds of thousands of binary
samples and proving insights to an analyst.

It also can help fight back against common cat-and-mouse techniques. For
example, malware often contains anti-reverse engineering techniques,
such as nested loops, to make it much harder for reverse engineers to
keep track of what is happening and the end state. ChatGPT can figure
that out much faster than humans. It also can analyze the genetic code
of the malware and see where there may be code reuse to identify the
fingerprint of the author more quickly.

## Long-Term Implications

Whenever new advances in AI come to fore, there is the inevitable
concern about whether it will replace humans and their jobs. I don't
believe ChatGPT will make this happen, but it will make us more powerful
consumers of information. The force multiplier effect will be profound
at all levels. I can see CISOs feeding it a set of information about its
risk register for it to return policies and procedures, incident
response plans, and more — all tailored to their environments.

While ChatGPT is only a research preview, I share the excitement of my
industry colleagues about its promise to revolutionize how security
practitioners work.

  [1]: https://twitter.com/moyix/status/1598081204846489600
  [2]: https://www.youtube.com/watch?v=_MVczQBk9yo
  [3]: https://www.darkreading.com/vulnerabilities-threats/malicious-use-of-ai-poses-a-real-cybersecurity-threat
  [4]: https://www.darkreading.com/threat-intelligence
  [5]: https://twitter.com/_johnhammond/status/1604883395259121665
  [6]: https://www.darkreading.com/vulnerabilities-threats/proposed-sec-disclosure-rules-could-transform-cyber-incident-response

You are viewing proxied material from tilde.team. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.