A recent study conducted in collaboration with Charles Darwin University (CDU) suggests that Artificial Intelligence (AI) could play a significant role in combating the growing menace of cybercrime.

Using OpenAI's ChatGPT to Combat Cybercrime

Led by researchers from CDU's Energy and Resources Institute, in partnership with the Christ Academy Institute for Advanced Studies in India, the study aimed to evaluate the potential of generative AI (GenAI) in penetration testing, a critical cybersecurity practice aimed at identifying vulnerabilities in a system's defenses.

Using OpenAI's popular AI chatbot ChatGPT, the researchers conducted a series of pentesting exercises covering various stages such as reconnaissance, scanning, vulnerability assessments, exploitation, and reporting.

Tasks included attempting anonymous server login, downloading files, examining webpage source codes, and extracting data from archives.

Dr. Bharanidharan Shanmugam, a Senior Lecturer in Information Technology at CDU and co-author of the study, explained that the study sought to investigate whether AI could automate certain pentesting activities, with the findings indicating that ChatGPT showed significant promise.

Dr. Shanmugam elaborated on ChatGPT's potential applications in different phases of pentesting, emphasizing its usefulness in gathering information about target systems, networks, or organizations to identify potential vulnerabilities and attack vectors during the reconnaissance phase. 

He also highlighted its capability to aid in conducting detailed scans of targets' networks, systems, and applications to identify open ports, services, and potential vulnerabilities during the scanning phase.

Read Also: Microsoft and Mistral AI's Multi-Million Euro Partnership to Reshape AI Landscape, New Challenger to OpenAI's Dominance

Exploiting Vulnerabilities in Remote Machines

Furthermore, Dr. Shanmugam underscored ChatGPT's effectiveness in exploiting vulnerabilities in remote machines, indicating its potential to revolutionize pentesting practices.

"In the scanning phase, ChatGPT can be used to aid in performing detailed scans of the target particularly their network, systems and applications to identify open ports, services, and potential vulnerabilities," Dr. Shanmugam said in an official statement.

"While ChatGPT proved to be an excellent GenAI tool for pentesting for the previous phases, it shown the greatest in exploiting the vulnerabilities of the remote machine."

However, Dr. Shanmugam cautioned against unchecked deployment of AI in cybersecurity enhancement efforts. He stressed the importance of organizations adhering to best practices and guidelines to ensure responsible AI deployment, safeguard data security and privacy, and promote collaboration and information sharing among stakeholders.

"Organisations must adopt best practices and guidelines, focusing on responsible AI deployment, data security and privacy, and fostering collaboration and information sharing," he said. 

"By doing so, organisations can leverage the power of GenAI to better protect themselves against the ever-evolving threat landscape and maintain a secure digital environment for all."

The study titled "Generative AI for pentesting: the good, the bad, the ugly", was published in the International Journal of Information Security. 

Related Article: Don't Tell ChatGPT Your Deepest Secrets: 'Having Heart-to-Hearts' With Chatbot Is 'Extremely Unwise,' Says AI Expert