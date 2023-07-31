Since OpenAI released ChatGPT, there has been a rise in the development of generative AI large language models (LLMs). However, cybercriminals have now created their own models for malicious purposes. Cybersecurity services company SlashNext recently discovered a model named WormGPT, which is being advertised and sold on the dark web for $1,000.

WormGPT is believed to be based on EleutherAI’s GPT-J LLM developed in 2021. Although less powerful than OpenAI’s GPT-4, GPT-J still has the capability for malicious activities. It has been trained on various data sources, with a specific focus on malware-related data.

According to cybersecurity expert Daniel Kelley, experiments with WormGPT have revealed its potential for sophisticated phishing and business email compromise (BEC) attacks. These generative AI models make it easier for cybercriminals to create convincing fake personalized emails, increasing the success rate of BEC attacks that have already caused significant financial losses for businesses.

In addition, AI tools such as ChatGPT can automate the process of phishing at scale, enabling social engineering tactics. To counter AI-powered attacks, organizations are advised to implement comprehensive training programs to educate employees about the nature of BEC threats and how AI augments them. It is also recommended to establish stringent email verification processes that include automatic alerts for external impersonation and keyword flagging.

In the face of AI-driven threats like WormGPT, it is crucial to remain vigilant and proactive. Cybercriminals continuously adapt and discover new ways to exploit these technologies. Businesses and individuals must stay updated with the latest cybersecurity practices to protect themselves from emerging threats in this evolving landscape.