FraudGPT, a subscription-based generative AI tool, has emerged as a game-changer in the world of cyberattacks. Uncovered by Netenrich’s threat research team on Telegram channels of the dark web in July 2023, FraudGPT has the potential to democratize weaponized generative AI on a large scale.

Leading cybersecurity vendors, including CrowdStrike, IBM Security, Ivanti, Palo Alto Networks, and Zscaler, have issued warnings that attackers, including state-sponsored cyberterrorist units, have been weaponizing generative AI even before ChatGPT was released in November 2022.

While cybercriminals have adopted generative AI technology for phishing and malware, the quality of attacks has not drastically changed. However, the speed and volume of attacks have increased. This highlights the need for AI-based cloud security solutions that can correlate signals globally to defend against these new threats.

FraudGPT, dubbed as a cyberattacker’s starter kit, offers a range of features for a monthly or yearly subscription fee. With FraudGPT, beginners can automate the creation of malicious code, undetectable malware, phishing emails, and various hacking tools without requiring advanced technical expertise.

It is important to note that FraudGPT is not as advanced or sophisticated as nation-state attack teams like Department 121 of the North Korean Army’s Reconnaissance General Bureau. However, its accessibility to novice attackers can lead to a significant increase in intrusion and breach attempts, especially in vulnerable sectors such as education, healthcare, and manufacturing.

FraudGPT serves as a wake-up call for the continuous innovation of AI-powered defenses to counter the hostile use of AI. It is crucial to understand the weaknesses of generative AI technologies through red-teaming exercises and establish protective measures to prevent their misuse in creating cyberattack tools.

To this end, Microsoft has introduced a guide for customers building applications using Azure OpenAI models, providing a framework for red-teaming. DEF CON also recently hosted the first public generative AI red team event to test models provided by various organizations.

Red-teaming chatbots and generative AI technologies is essential to ensure ethical development and prevent potential harm to society. Professional red teams play a vital role in identifying weaknesses and exploiting loopholes in computer systems, including AI-powered systems.

Overall, the emergence of FraudGPT marks a new era of weaponized generative AI tools and calls for proactive measures to protect against the misuse of AI technology.