The AI sphere was rather dull, boring, and no gimmicky. It rarely made significant ripples outside its own realms.
That, before ChatGPT introduced ChatGPT, the generative AI capable of creating human-like interaction, in a manner never previously seen.
This sent rivals into frenzy, and sooner than later, many of them either reached out to OpenAI to use the product, or brainstorm for ways to create competing products.
As the technology continues to fascinate the tech world, it reaches more than just some common users, researchers, students or workers.
This is because malicious actors are also putting an interest in the technology.
And this time, they created 'WormGPT', a ChatGPT competitor, but without the constraints.
OpenAI created ChatGPT to help users with a variety of things and tasks. But to ensure it obeys the rules and remain within the boundaries of 'ethics', the company puts filters and limitations.
As a result, the AI behind ChatGPT cannot do certain things, nor that it can answer certain questions.
And here, WormGPT is the answer.
At least for hackers, because the AI was created by hackers, for hackers.
Using WormGPT, cybercriminals can leverage generative AI technology to aid their activities and launch business email compromise (BEC) attacks, and others.
According to a report by researchers at SlashNext who discovered it, WormGPT was trained on various data sources, with a specific focus on malware-related data.
As a result, the AI can generate highly convincing fake emails.
In short, WormGPT is a black hat alternative to ChatGPT, specifically designed for malicious activities.
"It's like ChatGPT but has no ethical boundaries or limitations," the report said.
Read: How ChatGPT Is Tricked Into Creating Malware Using Alphanumeric And Flag Emojis
According to SlashNext CEO Patrick Harr:
Harr added that the use of generative AI will head to what's called the "polymorphic nature," where attacks can be launched, tweaked and re-tweaked, and relaunched at great speed.
"It's that targeted nature, along with the frequency of attack, which is going to really make companies rethink their security posture," he said.
What makes WormGPT also dangerous is that, it can even aid hackers with the most limited fluency in the target language.
SlashNext said that generative AIs can create emails with "impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious," adding that it can also lower entry threshold, in which attackers with limited skills can use this technology, making it an accessible tool "for a broader spectrum of cybercriminals."
Read: 'ChatGPT' From OpenAI Allows Script Kiddies To Create Malware Quickly And Effortlessly
To protect themselves from BEC, companies should develop "extensive, regularly updated training programs aimed at countering BEC attacks, especially those enhanced by AI."
Such programs help educate employees on the nature of BEC threats, how AI is used to augment them, and the tactics employed by attackers.
Companies must also use enhanced email verification measures, which can include an automatically alert system when receiving emails from unknown or unexpected sources, and using email systems that flag messages containing specific keywords, like “urgent”, “sensitive”, or “wire transfer”.
These measures can help ensure that potentially malicious emails are subjected to examination before any action is taken by human users.
Harr also suggest fighting fire with fire.
Following the rise of generative AI tools, Harr said that AI-powered defense system can help.
"If a threat actor creates an attack and then tells the gen AI tool to modify it, there's only so many ways you can say the same thing. What you can do is tell your AI defenses to take that core and clone it to create 24 different ways to say that same thing."
"You can almost anticipate what their next threat will be before they launch it, and if you incorporate that into your defense, you can detect it and block it before it actually infects."
"This is an example of using AI to fight AI."