ChatGPT can arguably be called the breakout software introduction of the last 12 months, generating both amazement at its potential and concerns that threat actors will weaponize and use it as an attack platform. Karl Sigler, Senior Security Research Manager, SpiderLabs Threat Intelligence, along with Trustwave SpiderLabs researchers, has been tracking ChatGPT’s development over the last several months.

The SecurityScorecard team has just returned from an exciting week in San Francisco at RSA Conference 2023. This year’s theme, “Stronger Together,” was meant to encourage collaboration and remind attendees that when it comes to cybersecurity, no one goes it alone. Building on each other’s diverse knowledge and skills is what creates breakthroughs.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Wired just published an interesting story about political bias that can show up in LLM's due to their training. It is becoming clear that training an LLM to exhibit a certain bias is relatively easy. This is a reason for concern, because this can "reinforce entire ideologies, worldviews, truths and untruths” which is what OpenAI has been warning about.

Poker players and other human lie detectors look for “tells,” that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when he’s about to bluff, for example, or someone’s pupils dilate when they’ve successfully drawn to an insider straight.

As part of SecurityScorecard’s commitment to making the world a safer place, we are now the first and only security ratings platform to integrate with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers and suggested mitigations for high-priority cyber risks.

Security teams are faced with relentless cyberattacks, and they cannot engineer defenses fast enough. SOC teams face limited visibility, insufficient context, and the inability to identify the threats that matter. Analysts are even more burned out, switching from tool to tool, frantically trying to make sense of what they are seeing.

We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering, both in the generation of phishbait at scale and as a topical theme that can appear in lures. We continue to track concerns about the new technology as they surface in the literature.

Yes, AI chatbots can write code very fast, but you still need human oversight and security testing in your AppSec program. Chatbots are taking the tech world and the rest of the world by storm—for good reason. Artificial intelligence (AI) large language model (LLM) tools can write things in seconds that would take humans hours or days—everything from research papers to poems to press releases, and yes, to computer code in multiple programming languages.