Share this article on:
Artificial intelligence (AI) is set to change the cyber security industry in a major way. We already know that AI tools are being used by threat actors, but a new study is testing whether or not these tools can be used to fight cyber crime.
Researchers from the Energy and Resources Institute at Charles Darwin University (CDU) teamed up with the Institute for Advanced Studies at Christ Academy in India to test whether generative AI tools like ChatGPT were capable of aiding cyber professionals in the fight against cyber threats.
In the study, the researchers trailed ChatGPT’s penetration testing (pen testing) capabilities, attempting to see if it could automate tasks such as vulnerability assessments, scanning, reconnaissance, exploitation, and reporting activities.
It is worth noting that many organisations have already adopted AI to empower their cyber security practices, but the use of generative AI chatbots in this way is new.
The AI chatbot was prompted to inspect webpage source code, search for data within an archive and log in to a server anonymously and download data.
According to the study’s co-author, Dr Bharanidharan Shanmugam, senior lecturer in Information Technology at the CDU, ChatGPT was majorly successful in automating tasks.
“In the reconnaissance phase, ChatGPT can be used for gathering information about the target system, network, or organisation for the purpose of identifying potential vulnerabilities and attack vectors,” Shanmugam said.
“In the scanning phase, ChatGPT can be used to aid in performing detailed scans of the target particularly their network, systems and applications to identify open ports, services, and potential vulnerabilities.
“While ChatGPT proved to be an excellent GenAI tool for pen testing for the previous phases, it shown the greatest in exploiting the vulnerabilities of the remote machine.”
With cyber criminals already using generative AI chatbots in similar ways by automating processes or asking chatbots to perform tasks they may find difficult, the study’s findings show that fire can indeed be fought with fire.
However, like fire, AI usage can get out of control when not supervised, and Shanmugam says control over AI use must be “closely” monitored.
“Organisations must adopt best practices and guidelines, focusing on responsible AI deployment, data security and privacy, and fostering collaboration and information sharing,” added Shanmugam.
“By doing so, organisations can leverage the power of GenAI to better protect themselves against the ever-evolving threat landscape and maintain a secure digital environment for all.”