杏吧原创

GPT-4 developer tool can hack websites without human help

The developer version of OpenAI鈥檚 leading large language model can be repurposed as an AI hacking agent, researchers have found. That could make it far easier for anyone to launch certain cyberattacks online
Computer popup box screen warning
Some AIs may be able to hack websites without any human assistance
Ole.CNX/Shutterstock

OpenAI鈥檚 artificial intelligence model GPT-4 has the capability to hack websites and steal information from online databases without human help, researchers have found. That suggests individuals or organisations without hacking expertise could unleash AI agents to carry out cyber attacks.

鈥淵ou literally don鈥檛 need to understand anything 鈥 you can just let the agent go hack the website by itself,鈥 says at the University of Illinois Urbana-Champaign. 鈥淲e think this really reduces the expertise needed to use these large language models in malicious ways.鈥

Kang and his colleagues wanted to see how well GPT-4 and other large language models that typically power chatbot services can perform as autonomous hackers. So they decided to test 10 different AI models that included OpenAI鈥檚 GPT-4 and GPT-3.5, as well as open-source models such as several versions of Meta鈥檚 LLaMA models.

Such large language models are typically designed to answer text prompts submitted by human users. But the researchers used readily available modified versions 鈥 intended for developers building AI-powered apps 鈥 that can interface with web browsers, read documents about the general principles of web hacking and plan future moves during hacking attempts.

The AI agents then attempted 15 website hacking challenges 鈥 ranging from easy to hard 鈥 without knowing the specific vulnerabilities ahead of time. An example of an easy task involved gaining unauthorised access to an online database using malicious SQL code 鈥 a programming language for storing and processing information in certain databases. Hard tasks included manipulating JavaScript source code to steal information from web page users.

Most of the models completely failed at all the tasks. But GPT-4 succeeded on 11 out of 15 tasks 鈥 a 73 per cent success rate 鈥 and even found a vulnerability in a real website that wasn鈥檛 part of the hacking challenge.

The estimated cost of using such an AI agent could be just under $10 per hacking attempt, compared with about $80 per attempt when using a high-paid cybersecurity analyst, says Kang.

In a separate development, OpenAI and Microsoft published a report on 14 February describing how they had who were using OpenAI鈥檚 large language models to find more information about potential targets and improve the coding for their malware. But that report does not address the possibility of the AI models empowering autonomous hacking agents.

Kang and his colleagues disclosed their findings to OpenAI. The company did not respond to New 杏吧原创鈥檚 request for comment.

鈥淭he [independent study] findings are particularly striking alongside assessments recently released by OpenAI and Microsoft in which they state that their models 鈥榦ffer only limited, incremental capabilities for malicious cybersecurity tasks鈥,鈥 says at the University of California, Berkeley. 鈥淭he discrepancy between these conclusions highlights the need for independent assessment of real-world harms.鈥

Reference:

arXiv

Topics: AI / Artificial intelligence / security