As artificial intelligence (AI) becomes more accessible, concerns arise about its potential misuse for malicious purposes. The emergence of large language models (LLMs), such as “WormGPT” and “FraudGPT,” designed to execute phishing campaigns and generate malicious code, has raised eyebrows. However, a closer examination reveals that the threat of AI-accelerated hackers might not be as imminent as some headlines suggest. Let’s delve into the nuances of these AI-powered tools and their real impact.
1. A New Breed of LLMs
The dark web has witnessed the creation of LLMs like “WormGPT” and “FraudGPT,” advertised as capable of conducting phishing attacks, crafting convincing business email compromise schemes, and writing malicious code. These LLMs have even been touted for identifying vulnerabilities and creating scam web pages. The potential risks are concerning, but there’s more to the story.
2. GPT-J: The Foundation of WormGPT
WormGPT, based on the GPT-J model, emerged in July as an LLM lacking many of the safeguards present in its more sophisticated counterparts like OpenAI’s GPT-4. However, GPT-J’s capabilities are somewhat outdated, and it performs significantly worse than GPT-3 at tasks other than coding. As a result, WormGPT’s proficiency in generating phishing emails might not be as exceptional as feared.
3. Limited Effectiveness of WormGPT
Cybersecurity experts tested WormGPT’s ability to generate convincing emails for business email compromise attacks. The results showed that while the generated code was somewhat correct, it was fairly basic and similar to existing malware scripts found on the web. Moreover, WormGPT fails to address the most challenging aspect of hacking: obtaining the necessary credentials and permissions to compromise a system.
4. FraudGPT’s Ambiguous Claims
FraudGPT, a variant of GPT-3, has also been advertised on dark web forums as “cutting-edge” with the ability to create undetectable malware and uncover websites vulnerable to credit card fraud. However, details about the LLM’s architecture are scarce, and the over-hyped language used in its marketing raises skepticism about its actual capabilities.
5. Overblown Claims
Some malicious LLMs are being marketed to instill fear, similar to the tactics employed by legitimate companies seeking attention. In reality, these AI-powered hacking tools lack substance and originality. A demonstration of FraudGPT generating a text for an SMS spam attempt showcased a rather unconvincing and generic message.
6. Limited Accessibility
While the potential risks are concerning, it’s essential to recognize that these malicious LLMs are not widely available. Creators like WormGPT and FraudGPT are selling subscriptions to their tools at a price and restricting access to their codebases, preventing users from modifying or distributing the models independently.
7. Putting the Threat in Perspective
Though the sensational headlines might lead one to fear the worst, the reality is that AI-powered hacking tools like WormGPT and FraudGPT are not capable of causing the downfall of corporations or governments. At most, they might provide a quick profit for the individuals behind their creation.
Conclusion
As AI continues to advance, concerns about its misuse for malicious purposes will persist. While the emergence of AI-powered hacking tools is indeed a matter of concern, the current breed of LLMs lacks the sophistication and capability to pose a catastrophic threat. Nevertheless, vigilance and responsible use of AI remain crucial to safeguarding against potential risks.
