Chatbots such as ChatGPT might expose vulnerabilities to an organisation’s security that have not yet been considered, a security professional is warning.
Brendan McGarrity, pictured, Director of the installation company and consultancy Evolution Risk & Design, and a Fellow of the Security Institute (FSyl), is a Chartered Security Professional (CsyP). He says that the impact of ChatGPT has not been thought through in terms of the security industry, and/or in making organisations less rather than more secure.
“ChatGPT scrapes information from billions of questions and answers from the internet and ranks what words will come next in a sentence based on a probability to achieve a ‘reasonable continuation’ of whatever text it has got thus far.
“As one scientist put it, it keeps asking the internet over and over again ‘given the text so far, what should the next word be’. It might pick the highest-ranked word; but it may also pick a more random word which adds a layer of creativity.”
In scraping the internet, he asks, does that expose organisations to potential harm, and does it expose issues that have not yet been uncovered?
“Can it find and highlight weaknesses in a client’s security profile. What checks and balances are there to protect what has previously been written, and prevent it from being presented as new? How do you lock your inner workings down? Is it possible that one party might be able to accurately impersonate another, based on the language they use? Could it be used, for example, to impersonate me?”
Brendan accepts that not using ChatGPT or embracing the AI revolution means running the risk of being left behind or falling behind in terms of business innovation. But he argues that what has been written and is searchable on the internet, and what might be written and available in the future, could expose a vulnerability that has not yet been considered.
He says: “It could uncover sensitive data and compromise personal and organisational security. ChatGPT is a potentially dangerous invention, and organisations need protecting from it.”
