Artificial intelligence, now an indispensable part of our lives, continues to advance, evolve, and demonstrate its potential across a wide range of applications and industries. The development of new AI techniques and models has led to significant adoption and progress in this field, particularly in the fight against cyber threats.
That is why implementing privacy policies is essential, as AI relies heavily on large amounts of data to function properly. Furthermore, this raises serious questions about the privacy and security of personal data.
Furthermore, given the growth and expansion of AI, it is necessary to implement effective control and security measures to limit the information made available to users, ensuring that it is used ethically and that there is awareness and best practices regarding its use, as well as restrictions on the information provided to users.
Circumventing these ethical restrictions has become the goal of many stakeholders, enabling AI to provide us with all kinds of information. Even cybersecurity companies have revealed various methods for circumventing these limitations.
With this foundation in place, it was only a matter of time before AI was optimized for creating malware, and that is how WormGPT came to be—an alternative to GPT models like ChatGPT or Google Bard, which restrict and reject such requests.
This AI, which has been promoted on the Dark Web in recent days, has no ethical or security safeguards, allowing malicious actors to use it indiscriminately, create malicious code, and optimize it to carry out cyberattacks.
One area where cybercriminals have been observed using AI is in the creation of malware. Machine learning algorithms can help attackers develop malware that is more stealthy and harder to detect, capable of bypassing traditional security systems.
One of the main attack vectors involves compromising corporate email accounts. Artificial intelligence can generate language that closely mimics human speech, which increases the effectiveness of the attack. WormGPT demonstrated this by creating a phishing email targeting businesses, and the results were deeply concerning. This also highlighted the fact that, at present, anyone with even a basic understanding of cybersecurity can carry out complex attacks.
According to data from Computerworld, in 2021 alone, 83% of companies fell victim to a successful phishing attack, and of those, more than half experienced a customer data breach. In 48% of cases, credentials and accounts were compromised. The GPT worm is expected to drive these numbers up in 2023, alongside the increasing sophistication of these attacks.
Another feature of this artificial intelligence is its ability to generate malware. Even users with no programming or computer science skills can ask the AI to create malicious code based on predefined conditions. This capability has been demonstrated through various requests, including those designed to collect system information such as browsing data or the history of passwords stored in the browser.
Artificial intelligence applied to cybersecurity continues to evolve, and given the widespread concerns it raises, it is essential to implement controls and security measures regarding the content provided to users.
Reference: 54% of successful phishing attacks result in customer data breaches | CYBERCRIME | CSO Spain (computerworld.es)
