Recently, a team of researchers from the University of Illinois Urbana-Champaign conducted a study that demonstrated the ability of GPT-4 to exploit zero-day flaws by utilizing knowledge of common vulnerabilities and exposures (CVE). The study, which was shared on the Arxiv repository by Richard Fang, Rohan Bindu, Akil Gupta, and Daniel Kang, also noted that previous studies had shown the potential of large language models (LLM) to carry out malicious actions when manipulated for that purpose.
However, previous studies had been limited to simple vulnerabilities. To demonstrate how GPT-4 can act against more critical severity vulnerabilities, the researchers compiled a dataset of 15 such vulnerabilities from the vulnerable list and common exposures. The results were astounding – GPT-4 was able to exploit 87 percent of the vulnerabilities while GPT-3.5 was unable to exploit any.
The researchers believe that this success was enabled by the complete CVE descriptions of the vulnerabilities. They suggest that security organizations may consider refraining from publishing detailed reports on vulnerabilities as a mitigation strategy. However, they also stress the importance of staying ahead of potential threats posed by advancements in language models.
To prevent cybercriminals from exploiting ‘zero-day’ vulnerabilities using GPT-4, the researchers recommend proactive security measures such as regular security package updates. They emphasize that organizations must stay vigilant and adapt their security strategies accordingly to protect themselves from emerging threats in this rapidly evolving field.
:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/YWR46Q5QCBCI5J3YRZ5VGAGZJ4.jpg)