Chatbots in a Botnet World

TL;DR

This paper explores how advanced chatbots like ChatGPT can understand and generate complex cybersecurity tools and techniques, revealing both capabilities and risks in automated code generation for malicious purposes.

Contribution

It demonstrates ChatGPT's ability to produce sophisticated cybersecurity attack code, highlighting potential security implications of AI language models.

Findings

ChatGPT can generate malware-like code including keyloggers and ransomware.

The model demonstrates self-replication and evasion strategies.

It can embed executable code within images or links.

Abstract

Question-and-answer formats provide a novel experimental platform for investigating cybersecurity questions. Unlike previous chatbots, the latest ChatGPT model from OpenAI supports an advanced understanding of complex coding questions. The research demonstrates thirteen coding tasks that generally qualify as stages in the MITRE ATT&CK framework, ranging from credential access to defense evasion. With varying success, the experimental prompts generate examples of keyloggers, logic bombs, obfuscated worms, and payment-fulfilled ransomware. The empirical results illustrate cases that support the broad gain of functionality, including self-replication and self-modification, evasion, and strategic understanding of complex cybersecurity goals. One surprising feature of ChatGPT as a language-only model centers on its ability to spawn coding approaches that yield images that obfuscate or embed executable programming steps or links.