The Indian Computer Emergency Response Team (CERT-In) has issued a cybersecurity advisory warning users that threat actors could use AI language-based models such as ChatGPT, Bing AI, Jasper AI and Bard to perpetrate cyber attacks.
ChatGPT, the conversational Artificial Intelligence (AI) platform developed by Microsoft-backed OpenAI, and other such platforms have taken the world by storm, with users finding uses for them in varied fields such as content writing, composing emails, coding and so on.
However, these platforms have also been in the news for reportedly aiding in creating malware and composing email texts for phishing campaigns and so on. This has aroused the interest of law enforcement officials, who now have a new cyber-related threat to deal with.
In an advisory issued by the nodal cybersecurity agency on May 9, CERT-In said, "A threat actor could use the application to write malicious codes for, exploit a vulnerability, conduct scanning, perform privilege escalation & lateral movement, to construct a malware or a ransomware for a targeted system."
Further explaining the ways in which such language models can be misused, CERT-In said, "AI based applications can generate output in the form of text as written by human. This can be used to disseminate fake news, scams, generate misinformation, create phishing messages, or produce deep fake texts."
"A threat actor can ask for a promotional email, a shopping notification, or a software update in their native language and get a well-crafted response in English, which can be used for phishing campaigns," it added.
It also said that such language models can scrape personal information from websites without consent and "build corpus of text data".
This advisory also comes at a time when police in China arrested a man for misusing ChatGPT for spreading fake news.
Safety measures
CERT-In urged developers and users to keep up to date on the risks and threats associated with interacting with AI language models.
"AI language-based applications are based on learning on large set of internet data. The model can collect all accessible data including sensitive information also. Hence, implement appropriate controls to preserve the security and privacy of data. Do not submit any sensitive information, such as login credentials, financial information or copyright data to such applications," it recommended.
Additionally, CERT-In urged users to ensure that the text generated is not being used for illegal activities or for "dissemination of misinformation".
