Crimeware

WormGPT: A New Malicious Use for AI

By this point, most everyone is at least casually familiar with the AI software ChatGPT, which allows users to input a variety of requests and parameters to produce original pieces of writing. This has resulted in a previously user-generated activity now being automated en masse, altering the way we engage with writing as well as how we communicate with one another. It is enough to say, despite the newness of the technology, that ChatGPT and its brethren are already revolutionizing our world.

With any powerful technology, however, there is an opportunity for bad actors to manipulate the tool for their own ends. A new entrant to the world of hacking, WormGPT, is being sold as the cyber hacking version of ChatGPT for the variety of ways in which it can be utilized to support cyberattacks. The first use is relatively banal but still dangerous: remember those phishing emails you used to receive from a displaced/overthrown foreign prince? With WormGTP, cybercriminals have a go-to tool to enhance the language of their emails and make every sentence in their attacks appear legitimate.

The second use of WormGPT is a bit more chilling. Currently, AI technologies like ChatGPT are designed to have certain safeguards in place to ensure they are not used to develop malicious code or create other pernicious attacks. But these safeguards have not deterred cybercriminals who have been able to override these protections and force these AI systems to execute dangerous code. The third use of this nefarious technology involves bad actors creating a version of WormGTP that is designed for the sole purpose of generating cyberattacks. Here, bad actors input their parameters into the AI language bot, in turn receiving code that can be used to infect other computers.

With the increase of new entrants into the world of cyber hacking, it is imperative that individuals stay current on protection and take commonsense steps, such as practicing caution with any emails they open. Do not review emails from addresses you are unable to verify, and do not open tabs to links or download files. Remember: no matter whether an email looks sophisticated and well-written, it might still be a phishing scam. Sometimes the only way to ensure safety from attacks is to abstain from behaviors that could make you vulnerable to them.