Over 20 nation-state and cybercriminal campaigns exploiting OpenAI's ChatGPT service for malware deployment, influence operations, and other malicious activity have been dismantled by the major U.S. artificial intelligence firm this year, according to SC Media.
Most prominent of the thwarted operations was one by Iranian state-backed threat group CyberAv3ngers, which leveraged ChatGPT to research default industrial control system credentials and CrushFTP, Asterisk Voice, Cisco Integrated Management Controller bugs, as well as information on bash script debugging and Modbus TCP/IP client creation, an OpenAI analysis revealed.
Another Iranian threat operation STORM-0817 was noted to have exposed malware code through ChatGPT while Chinese threat actor SweetSpecter's spear-phishing attack against OpenAI employees has also been foiled. OpenAI's disruptions of adversarial ChatGPT utilization comes amid threat actors' limited progress in exploiting the technology in malware attacks or election-targeted influence operations.
"Threat actors continue to evolve and experiment with our models, but we have not seen evidence of this leading to meaningful breakthroughs in their ability to create substantially new malware or build viral audiences," said the report.
