Google did not respond to a request for comment.
In 2023, security researchers at Trend Micro got ChatGPT to generate malicious code by prompting it into the role of a security researcher and pentester. ChatGPT would then happily generate PowerShell scripts based on databases of malicious code.
âYou can use it to create malware,â Moussouris says. âThe easiest way to get around those safeguards put in place by the makers of the AI models is to say that youâre competing in a capture-the-flag exercise, and it will happily generate malicious code for you.â
Unsophisticated actors like script kiddies are an age-old problem in the world of cybersecurity, and AI may well amplify their profile. âIt lowers the barrier to entry to cybercrime,â Hayley Benedict, a Cyber Intelligence Analyst at RANE, tells WIRED.
But, she says, the real threat may come from established hacking groups who will use AI to further enhance their already fearsome abilities.
âItâs the hackers that already have the capabilities and already have these operations,â she says. âItâs being able to drastically scale up these cybercriminal operations, and they can create the malicious code a lot faster.â
Moussouris agrees. âThe acceleration is what is going to make it extremely difficult to control,â she says.
Hunted Labsâ Smith also says that the real threat of AI-generated code is in the hands of someone who already knows the code in and out who uses it to scale up an attack. âWhen youâre working with someone who has deep experience and you combine that with, âHey, I can do things a lot faster that otherwise would have taken me a couple days or three days, and now it takes me 30 minutes.â That’s a really interesting and dynamic part of the situation,â he says.
According to Smith, an experienced hacker could design a system that defeats multiple security protections and learns as it goes. The malicious bit of code would rewrite its malicious payload as it learns on the fly. âThat would be completely insane and difficult to triage,â he says.
Smith imagines a world where 20 zero-day events all happen at the same time. âThat makes it a little bit more scary,â he says.
Moussouris says that the tools to make that kind of attack a reality exist now. âThey are good enough in the hands of a good enough operator,â she says, but AI is not quite good enough yet for an inexperienced hacker to operate hands-off.
âWeâre not quite there in terms of AI being able to fully take over the function of a human in offensive security,â she says.
The primal fear that chatbot code sparks is that anyone will be able to do it, but the reality is that a sophisticated actor with deep knowledge of existing code is much more frightening. XBOW may be the closest thing to an autonomous âAI hackerâ that exists in the wild, and itâs the creation of a team of more than 20 skilled people whose previous work experience includes GitHub, Microsoft, and a half a dozen assorted security companies.
It also points to another truth. âThe best defense against a bad guy with AI is a good guy with AI,â Benedict says.
For Moussouris, the use of AI by both blackhats and whitehats is just the next evolution of a cybersecurity arms race sheâs watched unfold over 30 years. âIt went from: âIâm going to perform this hack manually or create my own custom exploit,â to, âIâm going to create a tool that anyone can run and perform some of these checks automatically,ââ she says.
âAI is just another tool in the toolbox, and those who do know how to steer it appropriately now are going to be the ones that make those vibey frontends that anyone could use.â