PALO Alto Networks, a global cybersecurity leader, has just released striking new data. This report unveils a significant rise in targeted exploits around ChatGPT, OpenAI’s advanced language model, signaling a clear and urgent call for greater security measures in the world of artificial intelligence (AI). Sean Duca, the vice president and regional chief security officer for Asia-Pacific and Japan at Palo Alto Networks (PANW), voiced his concerns over our virtual conversation.

According to PANW’s threat intelligence team, Unit 42, witnessed a staggering 910 percent increase in monthly registrations of domains related to ChatGPT from November 2022 through April 2023. Upon investigation, Duca talked about how some of these domains were malicious in nature and set up for potential future misuse. A visit to these websites could expose a user’s system to malware attacks exploiting their vulnerabilities. They detected a surge in harmful activities with PANW’s Advanced URL Filtering system, identifying over 100 malicious URLs related to ChatGPT daily. Despite OpenAI providing free access to its services, unscrupulous actors have launched counterfeit websites that con people into paying for services, increasing the risk of identity theft and credit card fraud.

Duca elaborates on how cybercriminals are exploiting platforms like ChatGPT, attributing it to the unique benefits generative AI offers for scams, to monetize their illegal activities. Bad actors are finding ways to manipulate OpenAI’s ChatGPT to their advantage, such as devising more convincing phishing emails or fine-tuning malicious code. Despite the protective measures put in place by OpenAI, these actors have proven adept at repurposing these tools for their nefarious gains.

Faced with rising ChatGPT-related cyber threats, Duca emphasized the need for both consumers and businesses to ensure they access the platform through the legitimate OpenAI website (https://openai. com/). Exercising caution when clicking on links, especially those originating from unverified sources, is important. Businesses, in particular, should establish policies around the use of ChatGPT, bearing in mind concerns about inadvertently sharing sensitive information through the AI platform, potentially compromising confidentiality and privacy.

To safeguard users from malicious ChatGPT-related activities, some organizations and governments have gone as far as banning the use of the platform. Cybersecurity measures, such as implementing Palo Alto Networks’ next-generation firewall, could effectively prevent users from stumbling upon malicious websites and offer valuable insights into the traffic associated with ChatGPT. These measures help businesses identify potential issues or unauthorized use of the platform early on.

As generative AI’s popularity continues its upward trend, so too does the potential for scams associated with ChatGPT. New generative AI platforms, like Google’s “Bard,” and the “out-of-the-box $600” Alpaca by researchers of Stanford University only further fuel this trend. “If a bunch of researchers can do this with $600 then you can bet your bottom dollar that cyberattackers will be doing this as well,” Duca pointed out. Large language models based on the darknet pose an additional risk, adding to the complexity of the situation.

While the misuse of AI has caused apprehension, Duca underscores responsible use of AI holds a wealth of advantages, especially in the cybersecurity domain. AI could revolutionize cybersecurity measures by enhancing anomaly detection, risk assessment, automation, and identification of zero-day exploits. With a 15-year AI history, PANW has used AI from its neural network inception for complex tasks, like pattern matching and malware classification.

Drawing from his over two decades of experience in the IT security sector, Duca serves as a trusted advisor to organizations, assisting them in strengthening their security strategies to align with their business goals. He likens preparation against potential cybersecurity threats to the continuous training undertaken by athletes or defense force personnel, advocating for a proactive approach to cybersecurity.

Duca emphasizes the importance of reviewing past cyber incidents to assess an organization’s readiness and prepare contingency plans for likely threats, such as ransomware attacks. If breaches occur, the emphasis should shift from blame to the development of resolution and action plans. Past cyberattacks should be analyzed to guide vulnerability assessments and response planning. For organizations unsure of their susceptibility to similar attacks, Duca recommends further investigation to ensure readiness. “Let’s actually plan and rehearse and prepare ourselves” for potential cyber threats to mitigate the damage if they occur.