WormGPT is a new generative AI tool and another tool to add to a cybercriminals’ belt. It works like the popular ChatGPT platform, without the attempt to remain ethical by applying limitations to the prompts it will answer.
Generative AI is a type of artificial intelligence (AI) model that is designed to create and produce new content, such as text, images, music or videos. It works by using its dataset to generate realistic and human-style results.
The good, the bad and the ugly of AI
ChatGPT and other generative AI tools have been used by cybercriminals since their release. This is because these tools can be useful to help criminals write convincing text for phishing emails or other social engineering attacks. This is largely due to their ability to remove language barriers or provide help with code and debugging to create malware, a type of malicious software. However, most generative AI tools, such as ChatGPT, have safeguards in place to limit the malicious activity that can be performed with their tool. While these safeguards can’t eliminate all malicious use, it does stop many of the requests cyber criminals may put in.
ChatGPT’s evil twin
Due to the crackdown on malicious use of generative AI tools, the inevitable has happened, Cyber Criminals are making their own tools utilising this technology specifically for malicious purposes. WormGPT is the most notable of these tools, think of it as ChatGPTs evil twin. It has had all restrictions removed, and a dataset specifically trained to focus on production and execution of malware. It is sold to cyber criminals at a cost of €100 per month and has around 200 users worldwide currently.
It’s all about the data
The most notable thing about this tool is that it does not use the same dataset as ChatGPT. ChatGPT uses the dataset provided by Open AI, who is also the creating company of ChatGPT, this dataset is regarded as one of the most comprehensive in the industry. Instead, WormGPT uses an open-source large data model called GPT-J.
In the world of technology, open source refers to any software or project where the code is made freely available for anyone to view, modify and distribute in accordance with its specific license. This allows the GPT-J model to be modified and specifically trained to focus on an area of interest to the developer, which has allowed the developer of WormGPT to focus on malware. However, this data model is not as highly regarded as the one developed by Open AI so may not be able to generate the same quality of response.
Can WormGPT create a cyber-criminal?
The big question is, can WormGPT allow an absolute beginner to launch complex cyber-attacks?
The simple answer is no.
Despite the dramatic headlines and massive media attention of the tool, it is yet to cause serious damage and from what is advertised of the tool it can only produce attacks that someone with basic knowledge of programming languages and malware could produce. It does provide a helping hand to beginners and established cyber criminals in writing social engineering attacks as well as malware creation, however, the best cyber-attacks are still going to be the human created ones for the time being.
However, it’s important to note that the tool is still in its infancy, and this is only the beginning of cyber criminals leveraging generative AI tools to make attacks easier and more mainstream. Therefore, the need for you and your business to be Cyber Wise has never been more critical.
With ever changing technology and a threat landscape on the verge of revolution, our expert team are here to keep ourselves up to date and pass this knowledge on to your team to keep your business safe.Get in touch to learn how we can help to keep your business safe online.