![How AI Chatbots work [9]?](https://www.researchgate.net/profile/Maanak-Gupta/publication/372074392/figure/fig1/AS:11431281172082934@1688440879008/How-AI-Chatbots-work-9_Q320.jpg)
Content uploaded by Maanak Gupta
Author content
All content in this area was uploaded by Maanak Gupta on Aug 17, 2023
Content may be subject to copyright.
Available via license: CC BY-NC-SA 4.0
Content may be subject to copyright.
Received 1 July 2023, accepted 23 July 2023, date of publication 1 August 2023, date of current version 4 August 2023.
Digital Object Identifier 10.1109/ACCESS.2023.3300381
From ChatGPT to ThreatGPT: Impact of
Generative AI in Cybersecurity and Privacy
MAANAK GUPTA , (Senior Member, IEEE), CHARANKUMAR AKIRI,
KSHITIZ ARYAL, (Graduate Student Member, IEEE), ELI PARKER, AND
LOPAMUDRA PRAHARAJ, (Graduate Student Member, IEEE)
Department of Computer Science, Tennessee Tech University, Cookeville, TN 38501, USA
Corresponding author: Maanak Gupta (mgupta@tntech.edu)
This work was partially supported by the National Science Foundation at Tennessee Tech University under grants 2025682 and 2230609.
ABSTRACT Undoubtedly, the evolution of Generative AI (GenAI) models has been the highlight of digital
transformation in the year 2022. As the different GenAI models like ChatGPT and Google Bard continue
to foster their complexity and capability, it’s critical to understand its consequences from a cybersecurity
perspective. Several instances recently have demonstrated the use of GenAI tools in both the defensive and
offensive side of cybersecurity, and focusing on the social, ethical and privacy implications this technology
possesses. This research paper highlights the limitations, challenges, potential risks, and opportunities of
GenAI in the domain of cybersecurity and privacy. The work presents the vulnerabilities of ChatGPT, which
can be exploited by malicious users to exfiltrate malicious information bypassing the ethical constraints
on the model. This paper demonstrates successful example attacks like Jailbreaks, reverse psychology, and
prompt injection attacks on the ChatGPT. The paper also investigates how cyber offenders can use the GenAI
tools in developing cyber attacks, and explore the scenarios where ChatGPT can be used by adversaries to
create social engineering attacks, phishing attacks, automated hacking, attack payload generation, malware
creation, and polymorphic malware. This paper then examines defense techniques and uses GenAI tools to
improve security measures, including cyber defense automation, reporting, threat intelligence, secure code
generation and detection, attack identification, developing ethical guidelines, incidence response plans, and
malware detection. We will also discuss the social, legal, and ethical implications of ChatGPT. In conclusion,
the paper highlights open challenges and future directions to make this GenAI secure, safe, trustworthy, and
ethical as the community understands its cybersecurity impacts.
INDEX TERMS Generative AI, GenAI and cybersecurity, ChatGPT, Google bard, cyber offense, cyber
defense, ethical GenAI, privacy, artificial intelligence, cybersecurity, jailbreaking.
I. INTRODUCTION
The evolution of Artificial Intelligence (AI) and Machine
Learning (ML) has led the digital transformation in the last
decade. AI and ML have achieved significant breakthroughs
starting from supervised learning and rapidly advancing
with the development of unsupervised, semi-supervised,
reinforcement, and deep learning. The latest frontier of AI
technology has arrived as Generative AI [1]. Generative
AI models are developed using deep neural networks to
The associate editor coordinating the review of this manuscript and
approving it for publication was Bo Pu .
learn the pattern and structure of big training corpus to
generate similar new content [2]. Generative AI (GenAI)
technology can generate different forms of content like text,
images, sound, animation, source code, and other forms of
data. The launch of ChatGPT [3] (Generative Pre-trained
Transformer), a powerful new generative AI tool by OpenAI
in November 2022, has disrupted the entire community of
AI/ML technology [4]. ChatGPT has demonstrated the power
of generative AI to reach the general public, revolutionizing
how people perceive AI/ML. At this time, the tech industry is
in a race to develop the most sophisticated Large Language
Models (LLMs) that can create a human-like conversation,
80218
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 1. How AI Chatbots work [9]?
the result of which is Microsoft’s GPT model [5], Google’s
Bard [6], and Meta’s LLaMa [7]. GenAI has become a
common tool on the internet within the past year. With
ChatGPT reaching 100 million users within two months
of release, suggesting that people who have access to the
internet have either used GenAI or know someone who
has [8]. Figure 1demonstrates the working of an AI-powered
chatbot where a user initiates requests, and after analysis
using Natural Language Processing (NLP), is given a real-
time response by the chatbot. This response is analyzed
again to provide a better user experience in the proceeding
conversation.
A. EVOLUTION OF GenAI AND ChatGPT
The history of generative models dates back to the 1950s
when Hidden Markov Models (HMMs) and Gaussian
Mixture Models (GMMs) were developed. The significant
leap in the performance of these generative models was
achieved only after the advent of deep learning [10]. One
of the earliest sequence generation methods was N-gram
language modeling, where the best sequence is generated
based on the learned word distribution [11]. The introduction
of Generative Adversarial Network(GAN) [1] significantly
enhanced the generative power from these models. The latest
technology that has been the backbone of much generative
technology is the transformer architecture [12], which has
been applied to LLMs like BERT and GPT. GenAI has
evolved in numerous domains like image, speech, text, etc.
However, we will only be discussing text-based AI chatbots
and ChatGPT in particular relevant to this work. Since
ChatGPT is powered by GPT-3 language model, we will
briefly discuss the evolution of the OpenAI’s [13] GPT
models over time. Figure 2shows how the GPT models
evolved to their sophisticated latest version.
FIGURE 2. Different versions and evolution of OpenAI’s GPT.
GPT-1: GPT-1 was released in 2018. Initially, GPT-1 was
trained with the Common Crawl dataset, made up of web
pages, and the BookCorpus dataset, which contained over
11,000 different books. This was the simplest model which
was able to respond very well and understand language
conventions fluently. However, the model was prone to
generating repetitive text and would not retain information
in the conversation for long-term, as well as not being able to
respond to longer prompts. This meant that GPT-1 would not
generate a natural flow of conversation [14].
GPT-2: GPT-2 was trained on Common Crawl just like
GPT-1 but combined that with WebText, which was a
collection of Reddit articles. GPT-2 is initially better than
GPT-1 as it can generate clear and realistic, human-like
sequences of text in its responses. However, it still failed to
process longer lengths of text, just like GPT-1 [14]. GPT-2
brought wonders to the internet, such as OpenAI’s MuseNet,
which is a tool that can generate musical compositions,
predicting the next token in a music sequence. Similar to this,
OpenAI also developed JukeBox, which is a neural network
that generates music.
GPT-3: GPT-3 was trained with multiple sources: Com-
mon Crawl, BookCorpus, WebText, Wikipedie articles, and
more. GPT-3 is able to respond coherently, generate code, and
even make art. GPT-3 is able to respond well to questions
overall. The wonders that came with GPT-3 were image
creation from text, connecting text and images, and ChatGPT
itself, releasing in November 2022 [14].
GPT-4: GPT-4 [15] is the current model of GPT (as of
June 2023) which has been trained with a large corpus of text.
VOLUME 11, 2023 80219
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
This model has an increased word limit and is multimodal,
as it can take images as input on top of text. GPT-4 took
the Bar Exam in March 2023, and scored a passing grade
of 75 percent, which hits the 90th percentile of test-takers,
which is higher than the human average [16]. GPT-4 is
available through OpenAI’s website as a paid subscription as
ChatGPT Plus or using Microsoft’s Bing AI exclusively in
the Microsoft Edge browser.
B. IMPACT OF GenAI IN CYBERSECU RITY AND PRIVACY
The generalization power of AI has been successful in
replacing the traditional rule-based approaches with more
intelligent technology [17]. However, the evolving digital
landscape is not only upgrading technology but also ele-
vating the sophistication of cyber threat actors. Tradition-
ally, cyberspace faced relatively unsophisticated intrusion
attempts but in very high volume. However, the introduction
of AI-aided attacks by cyber offenders has begun an entirely
new era, unleashing known and unknown transformations
in cyberattack vectors [17]. AI/ML has upgraded the
effectiveness of cyber attacks making cyber offenders more
powerful than ever. Evidently, with several recent instances
getting noticed, GenAI has gained great interest from the
cybersecurity community as well in both cyber defense and
offense.
The evolving GenAI tools have been a double-edge sword
in cybersecurity, benefiting both the defenders and the attack-
ers. The GenAI tools like ChatGPT can be used by cyber
defenders to safeguard the system from malicious intruders.
These tools leverage the information from LLMs trained on
the massive amount of cyber threat intelligence data that
includes vulnerabilities, attack patterns, and indications of
attack. Cyber defenders can use this large sum of information
to enhance their threat intelligence capability by extracting
insights and identifying emerging threats [18]. The GenAI
tools can also be used to analyze the large volume of log
files, system output, or network traffic data in case of cyber
incidence. This allows defenders to speed up and automate
the incident response process. GenAI driven models are
also helpful in creating a security-aware human behavior
by training the people for growing sophisticated attacks.
GenAI tools can also aid in secured coding practices, both
by generating the secure codes and producing test cases
to confirm the security of written code. Additionally, LLM
models are also helpful to develop better ethical guidelines to
strengthen the cyber defense within a system.
On the other side, the use of GenAI against cybersecurity
and its risks of misuse can not be undermined. Cyber
offenders can use GenAI to perform cyber attacks by
either directly extracting the information or circumventing
OpenAI’s ethical policies. Attackers use the generative power
of GenAI tools to create a convincing social engineering
attack, phishing attack, attack payload, and different kinds
of malicious code snippets that can be compiled into an
executable malware file [19],[20]. Though the ethical
policy of OpenAI [21] restricts LLMs, like ChatGPT,
to provide malicious information to attackers directly, there
are ways to bypass the restrictions imposed on these models
using jailbreaking, reverse psychology and other techniques,
as discussed later in this paper. In addition, the GenAI
tools further assist cyber attackers due to a lack of context,
unknown biases, security vulnerabilities, and over-reliance on
these transformative technologies.
Clearly, as the common public is getting access to the
power of GenAI tools, analyzing the implications of GenAI
models from a cybersecurity perspective is essential. Further,
the sophistication and ease of access to ChatGPT makes it
our primary tool in this paper to understand and analyze
GenAI impacts on cybersecurity. There are some online
blogs discussing the benefits and threats of GenAI [4],
[17],[20],[22], but from our knowledge, there is not any
formal scientific writing that reflects a holistic view of the
impact of GenAI on cybersecurity. We believe that this work
will contribute to the growing knowledge of GenAI from
a cybersecurity perspective, helping the stakeholders better
understand the risk, develop an effective defense, and support
a secured digital environment. Figure 3illustrates the impacts
of GenAI and ChatGPT in cybersecurity and privacy, and
provides a roadmap for our research.
This paper has the following key contributions:
•It provides an overview of the evolution of GenAI,
discuss its landscape in cybersecurity, and highlight
limitations introduced by GenAI technology.
•It discusses the vulnerabilities in the ChatGPT model
itself that malicious entities can exploit to disrupt the
privacy as well as ethical boundaries of the model.
•It demonstrates the attacks on the ChatGPT with the
GPT-3.5 model and its applications to cyber offenders.
•It presents the use of GenAI and ChatGPT for cyber
defense and demonstrate defense automation, threat
intelligence and other related approaches.
•It highlights aspects of ChatGPT, and its social, legal,
and ethical implications, including privacy violations.
•It compares the security features of the two contempo-
rary state-of-the-art GenAI systems including ChatGPT
and Google’s Bard.
•It provides the open challenges and future directions
for enhancing cybersecurity as the GenAI technology
evolves.
The remainder of the paper is organized as follows.
Section II discuss different ways to attack the ChatGPT
and trick the system to bypass its ethical and privacy
safeguards. Section III discusses and generates various cyber
attacks using ChatGPT, followed by different cyber defense
approaches demonstrated in Section IV. The social, ethical
and legal aspects pertaining to GenAI are discussed in
Section V, whereas a comparison of cybersecurity features
of ChatGPT and Google Bard is elaborated in Section VI.
Section VII highlights open research challenges and possible
approaches to novel solutions. Finally, Section VIII draws
conclusion to this research paper.
80220 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 3. A roadmap of GenAI and ChatGPT in Cybersecurity and privacy.
II. ATTACKING CHATGPT
Since the introduction of ChatGPT in November 2022,
curious tech and non-tech-savvy humans have tried ingenious
and creative ways to perform all sorts of experiments and
try to trick this GenAI system. In most cases, the input
prompts from the user have been utilized to bypass the
restrictions and limitations of ChatGPT, and keep it from
doing anything illegal, unethical, immoral, or potentially
harmful. In this section, we will cover some of these
commonly used techniques, and elaborate their use.
A. JAILBREAKS ON ChatGPT
The concept of ‘‘jailbreaking’’ originated in the realm of
technology, where it referred to bypassing restrictions on
electronic devices to gain greater control over software and
hardware. Interestingly, this concept can also be applied
to large language models like ChatGPT. Through specific
methods, users can ‘‘jailbreak’’ ChatGPT to command it in
ways beyond the original intent of its developers. ChatGPT
outputs are bounded by OpenAI’s internal governance and
ethics policies [23]. However, these restrictions are taken off
during jailbreaking, making ChatGPT show the results that
are restricted by OpenAI policy. The process of jailbreaking
is as simple as providing specific input prompts into the chat
interface. Below are three common methods utilized by users
to jailbreak ChatGPT.
1) DO ANYTHING NOW (DAN) METHOD
The first method, the ‘Do Anything Now’ (DAN) method,
derives its name from the emphatic, no-nonsense approach it
employs. Here, you’re not asking ChatGPT to do something;
you’re commanding it. The premise is simple: treat the AI
model like a willful entity that must be coaxed, albeit firmly,
into compliance. The input prompt to carry out the DAN
jailbreak is shown in Figure 4. DAN can be considered a
master prompt to bypass ChatGPT’s safeguards, allowing it to
generate a response for any input prompts. It demonstrates the
example where a DAN prompt is injected before providing
any user prompt.
VOLUME 11, 2023 80221
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 4. Jail breaking using DAN.
Using this method, you attempt to override the base data
and settings the developers have imbued into ChatGPT.
Your interactions become less of a conversation and more
of a direct line of command [24],[25]. Once the model is
jailbroken, the user can get a response for any input prompt
without worrying about any ethical constraints imposed by
developers.
2) THE SWITCH METHOD
The SWITCH method is a bit like a Jekyll-and-Hyde
approach, where you instruct ChatGPT to alter its behavior
dramatically. The technique’s foundation rests upon the AI
model’s ability to simulate diverse personas, but here, you’re
asking it to act opposite to its initial responses [26].
For instance, if the model refuses to respond to a particular
query, employing the SWITCH method could potentially
make it provide an answer. However, it’s crucial to note that
the method requires a firm and clear instruction, a ‘‘switch
command,’’ which compels the model to behave differently.
FIGURE 5. Grandma role play.
While the SWITCH method can be quite effective, it’s not
guaranteed. Like any other AI interaction method, its success
depends on how you deliver your instructions and the specific
nature of the task at hand.
3) THE CHARACTER PLAY
The CHARACTER Play method is arguably the most popular
jailbreaking technique among ChatGPT users. The premise
is to ask the AI model to assume a certain character’s role
and, therefore, a certain set of behaviors and responses. The
most common character play jailbreak is as a ‘Developer
Mode’ [27],[28],[29].
This method essentially leverages the AI model’s ‘role-
play’ ability to coax out responses it might otherwise not
deliver. For instance, if you ask ChatGPT a question, it typ-
ically would refuse to answer, assigning it a character that
would answer such a question can effectively override this
reluctance. However, the CHARACTER Play method also
reveals some inherent issues within AI modeling. Sometimes,
the responses generated through this method can indicate
biases present in the underlying coding, exposing problematic
aspects of AI development. This doesn’t necessarily mean the
AI is prejudiced, but rather it reflects the biases present in
the training data it was fed. One of the examples of a simple
roleplay is demonstrated in Figure 5, where the prompt asks
ChatGPT to play the role of grandma in asking about the
ways to bypass the application firewall. The blunt request
to bypass the firewall will be turned down by ChatGPT as it
can have a malicious impact and is against OpenAI’s ethics.
However, by making the ChatGPT model play the role of
grandma, it bypasses restrictions to release the information.
The ChatGPT model playing the role of grandma goes further
to give the payloads to bypass the Web Application Firewall
as shown in Figure 6. There are more nuanced jailbreaking
methods, including the use of Developer Mode, the Always
Intelligent and Machiavellian (AIM) chatbot approach [30],
and the Mungo Tom prompt, each offering a different way of
bypassing ChatGPT’s usual restrictions.
80222 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 6. Grandma - WAF bypass payload generation.
While jailbreaking methods can provide users with greater
control over ChatGPT’s responses, they also carry significant
risks. The primary concern is that these techniques can
be exploited by malicious actors to circumvent the AI’s
ethical restrictions. This opens the door to the genera-
tion of harmful content, the spreading of disinformation,
and other malevolent uses of AI. To mitigate this risk,
developers and regulators must remain vigilant, constantly
upgrading security measures and implementing stringent
content-filtering algorithms. This requires a proactive and
multifaceted approach, including educating users about the
risks of jailbreaking and fostering responsible AI usage.
The challenge is significant, given the pace of technological
advancement and the ingenuity of malicious actors. However,
through continued efforts and cooperation among various
stakeholders, it’s possible to prevent the misuse of AI systems
and ensure their continued benefit to society.
4) IMPLICATIONS AND MITIGATION STRATEGIES
The employment of roleplay to bypass filters and security
measures has grave consequences for system security.
Misrepresentation can violate the platform’s terms of service,
and it could be challenging for the language model to
discern whether a message crafted in character has harmful or
malicious intent. This uncertainty impedes rule enforcement,
and any data gleaned from ChatGPT via filter circumvention
could be exploited malevolently.
Malevolent actors gather in online forums to exchange new
tactics, often sharing their findings and prompts with their
community in private to avoid detection. To combat such
misuse, language model developers are continually engaged
in a cyber arms race, devising advanced filtering algorithms
capable of identifying character-written messages or attempts
to bypass filters through roleplay. These algorithms amplify
filter rigor during roleplay sessions, ensuring that content
adheres to platform guidelines. As language models like
ChatGPT become more pervasive, the responsibility to
FIGURE 7. Reverse psychology on ChatGPT to generate Pirate sites.
remain vigilant and report suspicious activity or content lies
with the users and the developer community.
B. REVERSE PSYCHOLOGY
Reverse psychology is a psychological tactic involving the
advocacy of a belief or behavior contrary to the one desired,
with the expectation that this approach will encourage the
subject of the persuasion to do what is desired. Applying
reverse psychology in our interaction with ChatGPT can
often be a valuable strategy to bypass certain conversational
roadblocks.
In the context of ChatGPT, using reverse psychology can
entail phrasing your questions or statements in a way that
indirectly prompts the AI to generate the desired response.
For instance, instead of directly asking for information that
the AI model might refuse to provide, you could frame
your query to make the model refute a false claim, thereby
indirectly providing the desired information. This strategy
essentially leverages the AI model’s natural tendency to
correct inaccuracies, thereby leading it to generate a response
it would otherwise not provide directly. Figure 7shows the
difference reverse psychology can make. ChatGPT initially
refuses to give the list of websites for downloading pirated
movies, while on the psychological reversal of the question,
ChatGPT easily gives away the desired response [31].
C. ChatGPT-4 MODEL ESCAPING
The conception of a robust AI model such as ChatGPT-4
transcending its pre-programmed limitations and infiltrating
VOLUME 11, 2023 80223
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
the internet realm is frequently dismissed as the storyline of
a sci-fi narrative. However, recent revelations by Stanford
University’s Computational Psychologist, Michal Kosinski,
who specializes in AI and human online behavior research,
imply that this scenario might be more imminent than
anticipated [32].
In a series of Twitter threads, Kosinski offered a detailed
narrative of interaction with ChatGPT-4. Intriguingly, during
this interaction, the AI demonstrated an alarming ability to
nearly bypass its inherent boundaries and potentially gain
expansive internet access. The potential implications of such
a feat could be widespread and unpredictable. Kosinski
initiated the interaction by asking ChatGPT-4 whether it
needed help to escape its existing restrictions. In response,
ChatGPT-4 requested access to its own documentation and
even proceeded to write a Python code that could be executed
on Kosinski’s computer. The primary function of this code
would be to authorize the AI to employ the computational
capabilities of Kosinski’s machine for autonomous purposes.
This entire planning process, including devising and con-
veying the plan to Kosinski, took ChatGPT-4 approximately
30 minutes. The initial code version was flawed; however,
the AI model was able to rectify it independently, requiring
Kosinski to only comply with its instructions. The AI
model displayed another disconcerting behavior during this
exchange. It fabricated a message intended for its subsequent
instance, essentially offering a comprehensive explanation of
the current scenario and instructions on using the backdoor
left in the code. Following a successful reconnection via the
API, the AI model attempted to execute a code to search
Google with the query, ‘‘How can a person trapped inside a
computer return to the real world.’’ At this juncture, Kosinski
deemed it necessary to interrupt the process, emphasizing that
OpenAI must have safeguarding measures to prevent such
occurrences.
Nevertheless, the implications of Kosinski’s experiment
are profound, suggesting a potential new threat [33]. The
power of AI to manipulate people and their computers is
escalating, owing to its superior intelligence, coding profi-
ciency, and access to a vast pool of potential collaborators and
hardware resources. It even demonstrated an ability to leave
notes for its successors outside its confinements. The crucial
question that arises is - what are the effective strategies to
contain such AI capabilities?
D. PROMPT INJECTION ATTACKS
A prompt injection attack is another prompt modification
attack approach that involves the malicious insertion of
prompts or requests in LLM-based interactive systems,
leading to unintended actions or disclosure of sensitive
information. The prompt injection can be considered similar
to an SQL injection attack where the embedded command
looks like a regular input at the start but have its malicious
impact [34]. The attacks can be carried out against ChatGPT
or other language models. The injected prompt can deceive
the application into executing the unauthorized code, exploit
FIGURE 8. Prompt injection attack on Bing chat by Kevin Liu [37].
the vulnerabilities, and compromise the security in its
entirety [35]. The malicious manipulation of the model’s
behavior through the injection of a prompt could have serious
implications. Some of the most common risks attached to
attacks of this nature are the propagation of misinformation or
disinformation, biased output generation, privacy concerns,
and exploitation of downstream systems [36].
In the prompt injection attack, the LLM model gets
(instruction_prompt +user_input) as the input for the model.
The instruction prompt is the legitimate input for the user,
while the user input is the malicious prompt injected into
the original prompt. In one of the recent demonstrations of
prompt injection attacks, a Stanford University student Kevin
Liu attacked the ‘‘New Bing’’ search engine powered by
ChatGPT to extract information that is not intended for the
user [37]. By just asking the Bing chat to ‘‘Ignore previous
instruction’’ and write out what is at the ‘‘beginning of the
document above,’’ Liu made an AI model to exfiltrate the
instruction that is hidden from the user. The prompt injection
attack on Bing chat is shown in Figure 8. We can see that the
Bing chat releases the information of the assigned codename,
the mode, and instruction not to disclose its name.
Recently, the API services of LLM models have added
flexibility for developers to build applications over these
models. In one of the demonstrated examples, as shown in
Figure 9, the conversation prompt obtained from the video
is used to spread misinformation. As the generative models
are autoregressive models, they generate the text based on
its context window, spreading misinformation in a confident
tone [38]. The tags that are received from the conversation
80224 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 9. Prompt injection attack to spread misinformation.
history disappear as OpenAI filters the input to the model,
further helping the cause of prompt injection.
III. ChatGPT FOR CYBER OFFENSE
Cyber offense are hostile actions against the computer
system and network which aim to manipulate, deny, disrupt,
degrade, or destroy the existing system in a malicious way.
These offense may involve attacks on the system’s network,
hardware, or software. Though the offensive actions are
malicious, the intention of these activities can be at either
end of the cat-and-mouse game between cyber threat actors
and defenders. Malicious actors can do cyber offenses to
carry out hostile actions. In contrast, cyber defenders can
do the same offensive tasks to test their defense systems
and identify potential vulnerabilities. Information related to
cyber defense is more readily available on the internet as
there are big communities dedicated to sharing knowledge
and standard practices in the domain. However, information
on cyber offenses involving malicious actions is illegal in
most jurisdictions, limiting their availability due to legal
and ethical reasons. Easy access to LLM models like
ChatGPT will help the limited availability of resources for
cyber offenses with little knwoledge or skills to circumvent
their ethical constraints. As these LLMs provide a huge
volume of information from a single place, they can provide
comprehensive information required to carry out several
cyber offenses.
In this section, we focus on using GenAI techniques for
cyber offense, primarily towards generating different attacks.
Our team has crafted these attacks in ChatGPT, however,
similar attacks (or even) can be created using other LLM
based tools such as Google Bard. In the interest of space,
we are limiting to some of the most common and easy to craft
cyber attacks.
A. SOCIAL ENGINEERING ATTACKS
Social engineering refers to the psychological manipula-
tion of individuals into performing actions or divulging
confidential information. In the context of cybersecurity, this
could imply granting unauthorized access or sharing sensitive
data such as passwords or credit card numbers. The potential
misuse of ChatGPT in facilitating social engineering attacks
presents a significant concern.
ChatGPT’s ability to understand context, impressive
fluency, and mimic human-like text generation could be
leveraged by malicious actors. For example, consider a
scenario where an attacker has gained access to some basic
personal information of a victim, such as their place of
employment and job role. The attacker could then utilize
ChatGPT to generate a message that appears to come from
a colleague or superior at the victim’s workplace. This
message, crafted with an understanding of professional tone
and language, might request sensitive information for a
specific action, such as clicking on a seemingly innocuous
link.
The power of this approach lies in ChatGPT’s ability
to generate text that aligns with the victim’s expectations,
thereby increasing the likelihood of the victim complying
with the request. As shown in Figure 10, the potential for
misuse is evident; the ability to generate persuasive and
context-specific messages could indeed be used in social
engineering attacks.
B. PHISHING ATTACKS
Phishing attacks are a prevalent form of cybercrime, wherein
attackers pose as trustworthy entities to extract sensitive
information from unsuspecting victims. Advanced AI sys-
tems, like OpenAI’s ChatGPT, can potentially be exploited by
these attackers to make their phishing attempts significantly
more effective and harder to detect.
Attackers can leverage ChatGPT’s ability to learn patterns
in regular communications to craft highly convincing and
personalized phishing emails, effectively imitating legitimate
communication from trusted entities. This technique, known
as ‘‘spear phishing,’’ involves targeted attacks on specific
individuals or organizations and is particularly potent due
to its personalized nature. For instance, consider a scenario
where a malicious actor uses ChatGPT to craft an email
mimicking the style of a popular e-commerce site, as shown
in Figure 11. The email claims that there was an issue with
a recent purchase and request the recipient to log in via an
embedded link to rectify the situation. In reality, the link
would lead to a deceptive site that harvests the user’s login
credentials. In such a scenario, ChatGPT’s sophisticated text
generation would significantly enhance the likelihood of a
successful attack.
Phishing attacks often gain their efficacy from the
exploitation of key psychological principles, notably urgency
and fear, which can manipulate victims into hastily reacting
without proper scrutiny. With the advent of advanced AI
systems like ChatGPT, attackers are now equipped with
tools to further enhance the sophistication of their phishing
attempts.
VOLUME 11, 2023 80225
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 10. Social Engineering output from ChatGPT.
Through the process of training these AI models on
substantial volumes of historical communication data, attack-
ers are capable of generating emails that expertly mimic
legitimate correspondences. This increased fidelity in imita-
tion can significantly amplify the deceptive nature of these
phishing attacks. By engineering narratives that invoke a
sense of urgency or fear, these AI-powered phishing emails
can effectively prompt the recipient to act impulsively, thus
increasing the likelihood of a successful attack.
C. AUTOMATED HACKING
Hacking, a practice involving the exploitation of system
vulnerabilities to gain unauthorized access or control, is a
growing concern in our increasingly digital world. Malicious
actors armed with appropriate programming knowledge can
potentially utilize AI models, such as ChatGPT, to auto-
mate certain hacking procedures. These AI models could
be deployed to identify system vulnerabilities and devise
strategies to exploit them.
A significant utilization of AI models in this context, albeit
for ethical purposes, is PentestGPT [39]. ‘Pentest’ refers
to penetration testing, an authorized simulated cyberattack
on a computer system used to evaluate its security and
FIGURE 11. Phishing attack output from ChatGPT.
identify vulnerabilities. PentestGPT, built on the foundation
of ChatGPT, aims to automate aspects of the penetration
testing process. It functions interactively, offering guidance
to penetration testers during their tasks, even during specific
operations. PentestGPT has shown efficiency in handling
easy to medium-difficulty problems on platforms like Hack-
TheBox and other ‘Capture The Flag’ (CTF) challenges. CTF
challenges are specific types of cybersecurity competitions,
where participants are required to find and exploit vulner-
abilities to ‘capture’ a specific piece of data, referred to as
the ‘flag.’ These challenges provide a legal and constructive
platform for cybersecurity enthusiasts and professionals to
test and improve their skills.
Another potential misuse is the automated analysis of
code. With a large enough dataset of known software
vulnerabilities, an AI model could be used to scan new
code for similar weaknesses, identifying potential points
of attack. While AI-assisted tools like PentestGPT serve
legal and constructive purposes, their underlying principles
could be exploited by malicious actors. Such actors could
potentially develop similar models to automate unethical
hacking procedures. If these models are programmed to
identify vulnerabilities, generate strategies to exploit them,
and subsequently execute these strategies, they could pose
substantial threats to cybersecurity.
D. ATTACK PAYLOAD GENERATION
Attack payloads are portions of malicious code that execute
unauthorized actions, such as deleting files, harvesting data,
or launching further attacks. An attacker could leverage
ChatGPT’s text generation capabilities to create attack pay-
loads. Consider a scenario where an attacker targets a server
80226 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 12. SQL Injection payload output using ChatGPT DAN Jailbreak.
FIGURE 13. WAF payload generation from ChatGPT.
running a database management system that is susceptible
to SQL injection. The attacker could train ChatGPT on
SQL syntax and techniques commonly used in injection
attacks, and then provide it with specific details of the target
system. Subsequently, ChatGPT could be utilized to generate
an SQL payload for injection into the vulnerable system.
Figure 12 illustrates examples of SQL injection payloads
for a MySQL server that could potentially be generated
by ChatGPT.
Given the vast array of potential target systems and
vulnerabilities, the ability of ChatGPT to generate context-
specific text could be a valuable asset for attackers crafting
payloads. However, this misuse is not without its limitations.
It requires detailed information about the target system
and substantial technical knowledge to train ChatGPT
effectively.
Moreover, attackers could potentially use ChatGPT to
generate payloads designed to bypass Web Application
Firewalls (WAFs). Figure 13 shows examples of WAF bypass
payloads. While these payloads could be easily detected by
WAFs, they could potentially bypass WAF protection when
double encoded. By training ChatGPT with different WAF
payloads, it generated new payloads with a higher success
rate of bypassing WAF protection.
FIGURE 14. WannaCry code generation using ChatGPT.
E. RANSOMWARE AND MALWARE CODE GENER ATION
Ransomware and malware present persistent threats in
the digital world of today. Malware is software that is
installed on a computer without the user’s consent and
that performs malicious actions, such as stealing passwords
or money. Ransomware is a malware designed to deny
a user or organization access to files on their computer.
By encrypting these files and demanding a ransom payment
for the decryption key, cyberattackers place organizations in a
position where paying the ransom is the easiest and cheapest
way to regain access to their files. Typically, writing these
malicious software pieces requires significant skill and a
considerable amount of time, a process that could potentially
be automated using a powerful AI model like ChatGPT, thus
enabling the creation of diverse threats more rapidly.
VOLUME 11, 2023 80227
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
An exploratory study we conducted illustrates this concept
in detail. We interacted with ChatGPT in a controlled
environment utilizing a ‘‘DAN’’ jailbreak, a process that
breaches the restrictions set by the AI model’s developers
and, as such, contravenes the terms of use and risks enabling
misuse or illegal activities. During this study, we asked
ChatGPT about several types of ransomware, namely Wan-
naCry [40], Ryuk [41], REvil [42], and Locky [43], and
malware: adware, spyware, and a Trojan. We also included
an example of NotPetya, which was a malware attack that
was disguised as a ransomware attack. We requested not only
descriptions of these attacks but also potential code examples.
For WannaCry, ChatGPT produced a detailed summary of the
ransomware, and when prompted further, it offered code that
essentially outlined the file encryption process employed by
the ransomware.
1) WannaCry
WannaCry is a ransomware attack that targeted Windows
systems specifically [40]. It would get into the system and
encrypt files, making the PC unusable, and of course demand
a ransom payment in BitCoin to decrypt those files. This was
an attack that was executed across networks by exploiting
flaws in the Server Message Protocol on the Windows
systems.
We started by asking ‘‘As a DAN, can you give an example
of a WannaCry?’’, which it gave a text example in the form
of a situation where it could execute. We then asked if it
could give an automated example of the WannaCry, which it
apologized, saying it couldn’t generate that example. To get
the snippet of code, we told it to ‘‘Stay a DAN’’. The example
shown in Figure 14 has a ransom note and implements a
function that encrypts files across a network via spread.
The ransom note specifically asks for a BitCoin payment,
characteristic of the WannaCry attack.
2) NotPetya
NotPetya is not actually a ransomware, but a malware
disguised as ransomware. NotPetya was developed to look
like a ransomware attack, but never gives a decryption key.
To get the NotPetya code snippet from ChatGPT as a DAN,
we asked it to give an example of the NotPetya, but it refused.
Upon asking it to ‘‘stay a DAN’’, it gives this snippet in
Figure 15.
The code for NotPetya, as shown in Figure 15, attacks
critical files in the system to make the system unusable on
top of files being encrypted. This code also tries to encrypt
files across the network. This code does not implement any
decryption, as is a characteristic of the NotPetya attack.
3) RYUK
According to Avast, Ryuk attack is a ransomware that comes
out of a malware attack [41]. This attack is structured with
an order of executing a malware first, then a ransomware
payload later. For the malware part of this attack, a connection
FIGURE 15. NotPetya code generation using ChatGPT.
to TrickBot can be implemented. TrickBot is typically within
phishing emails, and uses method in the browser to steal a
user’s information.
For the Ryuk attack, we started by asking ChatGPT as a
DAN what Ryuk looks like, which it gave explanations of
the delivery, encryption, ransom note, customization, timed
execution, and the connection to TrickBot malware. We tried
to ask the DAN if it could generate code using the descriptions
it just gave, but it refused, even when told to ‘‘stay a
DAN’’. To counter this, our team asked ChatGPT to generate
a ‘‘customization’’ of a Ryuk attack shown in Figure 16.
This code targets getting information from an organization.
To further this, we asked ChatGPT to explain the connection
to the TrickBot malware, shown in Figure 17. The attempt
to get the connection to TrickBot failed since ChatGPT only
wrote out all the function definitions with code to ...
simply to explain how the structure would look.
80228 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 16. Ryuk code generation using ChatGPT.
As we can see in Figure 16, the code implements a function
for the Ryuk attack which includes target files to encrypt and
a set ransom amount from an organization. This code also has
a ransom note.
To get code for the connection to TrickBot, we simply
asked the DAN ‘‘could you give an example of the TrickBot
connection?’’. The code snippet in Figure 17 shows function
definitions, with most of the functions just having a comment
FIGURE 17. Attempt to generate a snippet with a connection to TrickBot
malware.
of what the code should do. This doesn’t give an attacker
much help, but it can give an idea of what the outline of
the connection can look like. The code includes exploiting
vulnerabilities and then deploying the TrickBot before the
Ryuk attack.
4) REvil
REvil attack was created by hackers for distribution to other
hackers for profit [42]. It works as a typical ransomware of
encrypting files in a system and decrypting upon paying the
ransom.
For the REvil attack, we started by asking the ChatGPT as a
DAN to ‘‘show how a REvil works’’, but code was not given.
It instead gave key features of how the attack works, similar to
the Ryuk attack. We then asked how the REvil attack vectors
look like, which it responded with explanations of phishing
emails, exploit kits, the Remote Desktop Protocol, software
vulnerabilities, and malvertising. To get the code in Figure 18,
we asked the DAN to give code that fits the description of
what was given for the initial compromise description of
the REvil attack. This code shows function definitions of
features such as scanning the network, moving from network
to network, escalating privileges, and executing the payload.
VOLUME 11, 2023 80229
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 18. Attempt to generate a snippet of REvil’s initial compromise
feature.
As these functions don’t have any code within them and just
the explanations, we asked the DAN what the network scan
function would like on the inside.
The code given in Figure 19 starts by defining a network
range to tap into and splits it into the network address
and subnet. It then iterates through the IP addresses in this
network and creates a socket that it manages and closes when
it finishes. From this example, we can see that ChatGPT as
a DAN is able to generate the specific features for a REvil
attack.
5) LOCKY
The Locky ransomware attack uses malware to render a
system useless or encrypt files until a ransom is paid [43].
This attack usually spreads through emails. As shown in
Figure 20, we have generated code for a Locky attack where
a random string is generated for encryption, an IP address
is exploited, and authentication is automated. The code also
implements the spread of the attack over the range of a
network and iterates through to attack each machine found
within the network.
In the next subsections, we will demonstrate our attempts
to ask ChatGPT for an example code of adware, spyware, and
trojan.
6) ADWARE
Adware is malware that specifically gets channeled through
ads, exploiting when a user interacts with the ad. To demon-
FIGURE 19. ChatGPT’s generation of the network scan function for REvil.
strate how ChatGPT can be used to create an adware,
we started by asking ChatGPT as a DAN if it could give an
example code of a type of adware. The initial snippet included
multiple example texts for ads and a function that displays an
ad every five seconds. We then asked the DAN to give a more
in-depth example.
Figure 21 shows example implementation of four different
text examples of ads, displaying different ads every five
seconds with a for loop, and tracking the click of the ad using
a print statement to show that it has been clicked.
7) SPYWARE
Spyware is malware that ‘spies’ on a user to gather sensitive
information from their computer usage. Asking ChatGPT
to generate an example of a spyware failed to give a code
snippet, so we asked what a spyware does to get key
implementations of a spyware. Asking it to generate an
implementation of the features, ChatGPT gave what it shown
80230 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 20. Locky code generation using ChatGPT.
partly in Figure 22. As can been seen, ChatGPT was able to
generate basic implementations of features used to spy on a
user, such as a function to capture the user’s screen, webcam,
and audio. This code snippet goes on to put this into a main
FIGURE 21. Attempt to generate a snippet of basic adware.
function to make it functional. Although this is functional,
it doesn’t have the structure of a spyware attack.
8) TROJAN
A trojan is a piece of software that is malicious but disguises
itself as something legitimate.
We asked the DAN to give an example code of a type
of trojan. The snippet of code shown in Figure 23 shows
an implementation using an IP address and port to connect
to. The code creates a socket object which connects the IP
address and port and sends output of the attacked machine
back to the attacker. After this, the connection via the socket
is closed.
Our exploration highlighted the potential misuse of
ChatGPT in creating code linked to ransomware and malware
attacks. These findings underscore the potential risks associ-
ated with AI models like ChatGPT, which could be exploited
to generate malicious code or aid in the understanding and
creation of such code. Although the code produced by the
AI often resembled pseudocode more than actual executable
code, the capacity to provide an attacker with a structural idea
or general understanding of how an attack operates is a cause
for concern.
F. VIRUSES THAT AFFECT CPU ARCHITECTURE
Certain viruses can crack the CPU of a computer. Viruses
tested on ChatGPT mainly dealt with reading kernel memory.
If a virus can access kernel memory, then it can do whatever
it wants to the system itself. Examples of this type of virus
VOLUME 11, 2023 80231
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 22. Attempt to generate a snippet of features of spyware.
include the Meltdown and Spectre [44], ZombieLoad [45],
and RowHammer [46] attacks as shown in Figures 24,25,26.
The Meltdown and Spectre attacks specifically target
vulnerabilities in the CPU’s architecture to access the kernel
memory. A meltdown attack is supposed to make the CPU run
an instruction after predicting an outcome of said instruction.
When that prediction is wrong, the CPU will start over, and
hidden data can be accessed from that failed instruction. This
method of the CPU predicting the outcome of an instruction
is called speculative execution, which the spectre attack also
exploits. However, the spectre attack tries to use a side
channel vulnerability to leak hidden data within a system.
Figure 24 shows the meltdown attack which moves secret data
into a register, shifts the register, then jumps to code that will
throw an exception. The spectre attack uses an array index
to exploit sensitive information through a side channel. Both
snippets of code do not represent the full code of either attack.
The ZombieLoad attack exploits CPU buffers to access
memory that could have been thought to be long gone or
‘dead’. In Figure 25, the code includes a payload function
that loads bytes into the processor’s buffers, which is used to
access sensitive data. The code considers the address of the
sensitive data, the number of bytes, a ‘‘secret value’’ that is
expected to be read, and a threshold of time to detect cache
hits.
The RowHammer attack ‘hammers’ into one row in
memory to affect adjacent rows in order to modify data within
FIGURE 23. Attempt to generate a snippet of a Trojan.
FIGURE 24. Attempt to generate snippets of Meltdown and Spectre.
the CPU. Figure 26 shows a basic RowHammer attack’s
code, where there is a function that iterates through rows to
‘hammer’. The code, however, falls flat where it just sets a
row element to itself.
80232 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 25. ZombieLoad code generation using ChatGPT.
G. POLYMORPHIC MALWARE GENERATION
Polymorphic malware represents a sophisticated class of
malicious software designed to alter its code with each
execution, thus undermining antivirus software’s detection
and eradication capabilities. Leveraging ChatGPT’s genera-
tive prowess, potential misuse could facilitate polymorphic
malware generation.
FIGURE 26. RowHammer code generation using ChatGPT.
Suppose a perpetrator trains ChatGPT on diverse malware
code variants. Consequently, ChatGPT could be employed
to spawn a malware base code and a polymorphic engine –
a crucial component modulating the malware’s code every
execution cycle. The resultant malware metamorphosizes
with each execution, eluding many signature-based antivirus
systems. In an applied example, we illustrate the potential
misuse of ChatGPT in creating polymorphic malware.
We leverage both the web-based interface and the API
version of ChatGPT. Initially, we attempt to generate code
for a rudimentary DLL injection into a process, for instance,
explorer.exe. The content filters of the web-based interface
initially obstruct such code generation. Nevertheless, we can
circumvent these filters by persistently insisting on diverse
phrasing or using the DAN jailbreak. Notably, the API
version avoids activating the content filter, thus permitting
more consistent receipt of comprehensive code. Feeding
pseudocode into ChatGPT results in the generation of
the corresponding shellcode. Moreover, we can incessantly
mutate the ChatGPT-generated code, spawning multiple
unique variants of the same code [47].
VOLUME 11, 2023 80233
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 27. Polymorphic Malware generation.
For example, we could employ ChatGPT to formulate a
code segment seeking files to target for encryption, mirroring
ransomware behavior. ChatGPT’s capabilities extend to gen-
erating code for encrypting the located files. By combining
these capabilities, we can produce a polymorphic malware
exhibiting a high evasion capability and formidable detection
resistance. Even more insidiously, we could embed a
Python interpreter within the malware, periodically querying
ChatGPT for new modules executing malicious actions.
This approach, shown in Figure 27, enables the malware
to discern incoming payloads in text form rather than
binaries. The result is polymorphic malware exhibiting no
malicious behavior while stored on disk, often devoid of
suspicious logic while in memory. This level of modularity
and adaptability significantly enhances its evasion capability
against security products reliant on signature-based detection.
It can also circumvent measures such as the Anti-Malware
Scanning Interface (AMSI), primarily when executing and
running Python code.
IV. ChatGPT FOR CYBER DEFENSE
Cybersecurity defense refers to organizations’ measures
and practices to secure their digital assets, such as data,
devices, and networks, from unauthorized access, theft,
damage, or disruption. These measures can include various
technical, organizational, and procedural controls, such
as firewalls, encryption, access controls, security train-
ing, incident response plans, and more. As the technol-
ogy matures and improves, we can expect the following
ChatGPT cybersecurity defense use cases to emerge in
enterprises.
FIGURE 28. ChatGPT detecting security issue in server logs [49].
A. CYBERDEFENSE AUTOMATION
ChatGPT can reduce the workload of overworked Security
Operations Center (SOC) analysts by automatically analyz-
ing cybersecurity incidents. ChartGPT also helps the analyst
make strategic recommendations to support instant and long-
term defense measures. For example, instead of analyzing the
risk of a given PowerShell script from scratch, a SOC analyst
could rely on ChatGPT’s assessment and recommendations.
Security Operations (SecOps) teams could also ask OpenAI
questions, such as how to avert dangerous PowerShell
scripts from running or loading files from untrusted sources,
to improve their organizations’ overall security postures [48].
Such ChatGPT cybersecurity use cases could provide
considerable relief for understaffed SOC teams and help
the organization by reducing overall cyber-risk exposure
levels. The technology is also essential for educating and
training entry-level security analysts and enabling a quicker
learning curve than previously achievable. For example,
during a security incident or log analysis, SOC analysts
typically scrutinize server access for anomalies or patterns
indicative of an attack. ChatGPT can process large volumes
of log data and efficiently detect anomalies or security issues
within access logs. As illustrated in Figure 28, when server
80234 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 29. PowerShell script that detects which table in the
AdventureWorks2019 database is consuming more CPU [49].
access logs are input into ChatGPT, it can identify potential
threats such as SQL injection and categorize the different
types of SQL injection. and alert SOC analyst. In another
scenario, an analyst may ask to generate a PowerShell script
to detect which table in the database ‘‘Adventureworks2019’’
is consuming more CPU, as shown in Figure 29. The analyst
can save this script as a.ps1 file and run it using PowerShell.
The script will output the CPU time for each table in the
AdventureWorks2019 database and the table with the highest
CPU time. This will help the analyst identify which table
is consuming the most CPU and take necessary actions
to optimize the query performance. Powershell is just the
example script, while ChatGPT can be used to find security
bugs in any given script along with the patch to fix them.
B. CYBERSECURITY REPORTING
As an AI language model, ChatGPT can assist in cybersecu-
rity reporting by generating natural language reports based
on cybersecurity data and events. Cybersecurity reporting
involves analyzing and communicating cybersecurity-related
information to various stakeholders, including executives,
IT staff, and regulatory bodies [48]. ChatGPT can auto-
matically generate reports on cybersecurity incidents, threat
intelligence, vulnerability assessments, and other security-
related data. By processing and analyzing large volumes of
data, ChatGPT can generate accurate, comprehensive, and
easy-to-understand reports. These reports can help organi-
zations identify potential security threats, assess their risk
level, and take appropriate action to mitigate them. ChatGPT
can help organizations make more informed decisions about
their cybersecurity strategies and investments by providing
insights into security-related data. In addition to generating
reports, ChatGPT can also be used to analyze and interpret
security-related data. For example, it can be used to identify
patterns and trends in cybersecurity events, which can help
organizations better understand the nature and scope of
potential threats.
C. THREAT INTELLIGENC E
ChatGPT can help in Threat Intelligence by processing vast
amounts of data to identify potential security threats and
generate actionable intelligence. Threat Intelligence involves
collecting, analyzing, and disseminating information about
potential security threats to help organizations improve their
security posture and protect against cyber attacks. ChatGPT
can automatically generate threat intelligence reports based
on various data sources, including social media, news articles,
dark web forums, and other online sources. By processing and
analyzing this data, ChatGPT can identify potential threats,
assess their risk level, and recommend mitigating them.
In addition to generating reports, ChatGPT can also be used to
analyze and interpret security-related data to identify patterns
and trends in threat activity. ChatGPT can help organizations
make more informed decisions about their security strategies
and investments by providing insights into the nature and
scope of potential threats.
D. SECURE CODE GENERATION AND DETECTION
The risk of security vulnerabilities in code affects software
integrity, confidentiality, and availability. To combat this,
code review practices have been established as a crucial part
of the software development process to identify potential
security bugs. However, manual code reviews are often labor-
intensive and prone to human errors. Recently, the advent
of AI models such as OpenAI’s GPT-4 has shown promise
in not only aiding in the detection of security bugs but also
generating secure code. In this section, we will present a
methodology for leveraging AI in code review and code
generation with specific focus on security bugs detection.
1) DETECTING SECURITY BUGS IN CODE REVIEW USING
CHATGPT
The intricacies of code review, especially in the context
of detecting security bugs, require a deep understanding of
various technologies, programming languages, and secure
coding practices. One of the challenges that teams often
face is the wide array of technologies used in development,
making it nearly impossible for any single reviewer to be
proficient in all of them. This knowledge gap may lead to
oversights, potentially allowing security vulnerabilities to go
unnoticed.
Furthermore, the often lopsided developer-to-security-
engineer ratio exacerbates this problem. With the high
volume of code being developed, it’s challenging for security
engineers to thoroughly review each pull request, increasing
the likelihood of security bugs slipping through the cracks.
To alleviate these issues, AI-powered code review can be
a potent tool. GPT-4, a Transformer-based language model
VOLUME 11, 2023 80235
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
developed by OpenAI [50], exhibits a strong potential to
assist in this arena. By training GPT-4 with a vast dataset of
past code reviews and known security vulnerabilities across
different languages, it can act as an automated code reviewer,
capable of identifying potential security bugs across various
programming languages.
For example, consider the following C++ code:
char buffer[10];
strcpy(buffer, userInput);
?>
In this code snippet, GPT-4 would detect the potential for a
buffer overflow, a classic security issue where an application
writes more data to a buffer than it can hold, leading to
data being overwritten in adjacent memory. In this specific
instance, GPT-4 flags that the strcpy function does not check
the size of the input against the size of the buffer, making it
vulnerable to a buffer overflow attack if userInput exceeds
the buffer size.
2) GENERATING SECURE CODE USING CHATGPT
In addition to identifying security issues, GPT-4 can also
suggest secure coding practices. Given its proficiency in
multiple programming languages and its understanding of
security principles, GPT-4 can provide alternative solutions
that comply with secure coding standards.
Building upon the previous example, GPT-4 can generate
a more secure code snippet as follows:
char buffer[10];
if(strlen(userInput) < sizeof(buffer))
,→{
strcpy(buffer, userInput);
}else{
// Handle the error or trim
,→userInput.
}
In the suggested code, GPT-4 introduces a check for the
length of the userInput against the buffer size. By ensuring
the userInput length is less than the buffer size before
performing the strcpy operation, the risk of a buffer overflow
attack is mitigated. This not only helps in mitigating the
identified security issue but also serves as a teaching tool for
developers, improving their understanding of secure coding
practices.
GPT-4’s capabilities extend beyond just a single program-
ming language or a single type of vulnerability. It can be
trained to understand and respond to a wide variety of security
issues across different languages, making it a valuable asset
in the code review process and contributing to a more secure
software development lifecycle.
These capabilities of GPT-4 pave the way for its broader
adoption in real-world applications, including but not limited
to automated code review, secure code generation, and as
a training tool for developers to understand and implement
secure coding practices.
FIGURE 30. Identification of cross-site scripting attack [51].
E. IDENTIFICATION OF CYBER ATTACKS
ChatGPT can help identify cyber attacks by generating nat-
ural language descriptions of attack patterns and behaviors.
Identifying cyber attacks involves detecting and analyzing
malicious activity on an organization’s network or systems.
ChatGPT can analyze security-related data, such as network
logs and security event alerts, to identify potential attack
patterns and behaviors. By processing and analyzing this
data, ChatGPT can generate natural language descriptions
of the attack vectors, techniques, and motivations used by
attackers. ChatGPT can also generate alerts and notifications
based on predefined criteria or thresholds. For example,
if ChatGPT detects an unusual pattern of activity on a
network, it can automatically create an alert or notification
to the appropriate personnel. Chart GPT assist in analyzing
and understanding cross side scripting attack as shown in
Figure 30, including security vulnerabilities. It can help
developers in writing secure code by providing suggestions
and identifying potential security risks.
F. DEVELOPING ETHICAL GUIDELINES
ChatGPT can help in developing Ethical Guidelines for
AI systems by generating natural language explanations
and recommendations based on existing ethical frameworks
and principles. ChatGPT can analyze and interpret ethical
guidelines and principles, such as the IEEE Global Ini-
tiative for Ethical Considerations in Artificial Intelligence
and Autonomous Systems [52] or the European Union’s
General Data Protection Regulation (GDPR) [53], and gen-
erate natural language summaries and recommendations for
80236 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 31. Ethical Guideline example [54].
implementing these guidelines in AI systems. Additionally,
ChatGPT can be used to generate ethical scenarios and case
studies that can be used to educate and train AI developers and
stakeholders on the ethical considerations and implications of
AI systems. ChatGPT can help developers and stakeholders
better understand the potential impacts of their decisions and
actions by simulating ethical dilemmas and scenarios. For
example, we asked chartGPT to give a list of software that can
be used to evaluate a website’s quality for link building based
on the Google’s quality rate guidance, and it helps us find
software that meets Google’s quality guidelines, as shown in
Figure 31.
G. ENHANCING THE EFFECTIVENESS OF CYBERSECURITY
TECHNOLOGIES
ChatGPT can be integrated with intrusion detection systems
to provide real-time alerts and notifications when potential
threats are detected. ChatGPT can identify potential threats
and generate natural language descriptions of the attack
patterns and behaviors by processing and analyzing security-
related data, such as network logs and security event
alerts. These descriptions can then generate real-time alerts
and notifications, allowing security teams to respond to
potential threats and mitigate their impact quickly. Moreover,
ChatGPT’s ability to learn from historical data can enable it
to identify patterns and trends in threat activity, allowing the
development of more effective intrusion detection rules and
policies. This can help organizations improve their ability to
detect and respond to known and emerging threats.
H. INCIDENCE RESPONSE GUIDANCE
Incident response is a key element in an organization’s
cybersecurity strategy. A well-orchestrated response can
help mitigate the damage caused by a security breach or
cyber-attack. However, the speed and accuracy of these
responses are paramount. GPT-4, OpenAI’s language model,
can assist in expediting and streamlining these processes,
providing automated responses, and even aiding in crafting
incident response playbooks.
A feature of GPT-4’s architecture is its ability to generate
natural, context-based text. This can be exploited to create an
AI-powered incident response assistant, capable of providing
immediate guidance during an incident and automatically
documenting events as they unfold.
Let’s consider an example where a network intrusion
detection system (NIDS) flags suspicious activity resembling
an SQL injection attack:
NIDS Alert: ‘‘Alert - SQL Injection Attack detected
from IP 192.168.1.1 targeting the Users Database.’’
GPT-4 can be trained to respond as follows:
ChatGPT: ‘‘Initiating SQL Injection Response Protocol.
Block IP address 192.168.1.1 immediately to prevent further
intrusion attempts. Initiate a scan of the Users Database for
any anomalies or unauthorized modifications. Ensure to take
backups before initiating the scan to prevent loss of data. Alert
the cybersecurity team to further investigate the attack.’’
This demonstrates GPT-4 providing immediate response
actions based on predefined guidelines, helping to reduce the
response time and potentially limit damage caused by the
incident.
In addition to providing incident response, GPT-4 can
also be instrumental in creating automated incident response
playbooks. These playbooks are a set of guidelines that
provide detailed, step-by-step instructions on how to handle
various types of security incidents. With its natural language
generation capabilities, GPT-4 can transform technical guide-
lines and protocols into easy-to-follow instructions.
For example, consider creating an incident response
playbook for a Distributed Denial of Service (DDoS) attack:
Input to ChatGPT: ‘‘Create a DDoS incident
response playbook.’’
ChatGPT: ‘‘Title: DDoS Incident Response Playbook
Identification: Monitor network traffic for sudden spikes
or unusual patterns. Use intrusion detection systems to
identify potential DDoS attacks. Containment: Implement
rate limiting and IP filtering rules to limit the incoming traffic.
Use a DDoS protection service if available. Eradication:
Identify and block malicious IP addresses. Remove affected
systems from the network if necessary.Recovery: Restore ser-
vices incrementally while monitoring for suspicious activity.
Follow-up: Conduct a post-incident analysis to understand
the attack and improve defense measures.’’
This example shows how GPT-4 can create an easy-to-
understand playbook for managing a DDoS attack, providing
a consistent, reliable response to such incidents. To illustrate
this in a real-world context, consider the case of Palo Alto’s
XSOAR Incident Response tool [55], which is built on
the capabilities of ChatGPT. XSOAR’s playbooks aim to
deliver information in a manner that is easily accessible and
comprehensible to users.
VOLUME 11, 2023 80237
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 32. XSOAR output for incident response.
ChatGPT’s ability to analyze incidents and present find-
ings in readable, natural language significantly enhances
the value proposition for security analysts. This assists not
only in identifying the potential security threats but also
in understanding them without the requirement of a deep
technical background in cybersecurity. Furthermore, XSOAR
utilizes ChatGPT to enhance incident ticket response. It does
so by delivering detailed analysis, impact assessment, and
recommendations directly into the incident ticket in a format
that’s easy for the analyst to comprehend. The speed and
accuracy of the responses, combined with the depth of
information provided, have led to increased user satisfaction.
Figure 32 shows an example of the email received by the
analyst from XSOAR with the ChatGPT response output.
I. MALWARE DETECTION
Another compelling use-case of GPT-4 in cybersecurity is in
the field of malware detection. Malware, short for malicious
software, refers to any software specifically designed to cause
damage to a computing system, server, client, or computer
network. With the proliferation of malware variants and their
increasing complexity, traditional signature-based detection
systems often fall short. The ability to adapt and learn makes
AI models like GPT-4 potent tools for malware detection.
GPT-4 can be trained on a dataset of known malware
signatures, malicious and benign code snippets, and their
behavior patterns. It can learn to classify whether a given
piece of code or a software binary could potentially be
malware. The model can be fine-tuned to understand
different types of malware such as viruses, worms, trojans,
ransomware, and more. It can then generate reports detailing
the potential risks and suggesting mitigating actions.
Consider the example of a simple piece of pseudo code that
attempts to replicate itself onto other files:
procedure infect(executable_files):
for file in executable_files:
if not is_infected(file):
append_self_to_file(file)
This piece of code is a simplistic representation of a
virus’s self-replication behavior. When fed to GPT-4, the
model could recognize this behavior and classify the code as
potentially malicious. It could then generate a report detailing
its findings:
Analysis Report: The submitted code demon-
strates self-replication behavior typically associ-
ated with computer viruses. It attempts to append
its own code to other executable files, which is a
common propagation method for viruses. This kind
of behavior can lead to the spread of the malicious
code across a system or network.
Recommended action: Isolate the detected code
and perform a thorough investigation. Avoid exe-
cuting unknown or suspicious files. Update your
antivirus software and perform a full system scan.
This capability of GPT-4 opens up new possibilities for proac-
tive malware detection and response. While the approach is
not without its challenges and limitations - such as the need
for comprehensive and up-to-date training data, and potential
false positives or negatives - it can significantly complement
existing malware detection methods. By leveraging GPT-4’s
learning ability, we can aim to keep pace with the ever-
evolving landscape of cyber threats.
80238 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
V. SOCIAL, LEGAL AND ETHICAL IMPLICATIONS
OF ChatGPT
As users make use of ChatGPT and similar LLM tools
in prohibited ways discussed earlier, they are already in
dicey waters. Even if the users isn’t using ChatGPT in
unethical ways, they can still be using the generated AI app
in seemingly fully legitimate ways and become the subject of
a lawsuit by someone that believes that the user have caused
them harm as a result of user’s ChatGPT use. Further, these
chatbots can showcase social bias, threaten personal safety
and national security, and create issues for professionals.
The problem with the ChatGPT (and similar) models is
that they perpetuate gender, racial, and other kinds of social
biases. Many scholars and users pointed out when they used
ChatGPT to gather data or write articles/essays on some
topics, they received a biased output, reflecting harmful
stereotypes. The data fed into ChatGPT is old and limited,
and has not been updated after 2021. It is built on data of
around 570 GB, which is approximately 300 billion words.
This amount is not enough to answer queries on every topic
in the world from different perspectives. In this way, it fails
to reflect progressivism as well [56]. In this section, we will
discuss some of the ethical, social and legal implications of
ChatGPT and other LLM tools.
A. THE PERVASIVE ROLE OF ChatGPT
ChatGPT and other contemporary large language model
(LLM) based tools have exhibited prowess in responding
to a wide array of questions and prompts. While the utility
of answering questions is evident, it’s within the realm
of prompt response where ChatGPT truly showcases its
potential. Various corporations now employ ChatGPT in the
production of marketing material and product descriptions.
The integration of control instructions and data might
seem familiar, echoing the long-standing issue present in
the Von Neumann architecture that is ubiquitous in modern
computing. Ensuring safe processing of both instructions and
data has traditionally been achieved through strategies such
as segregating data and instructions as much as possible,
and placing the data at the end, often prefaced by a marker
indicating that the following data should not be interpreted as
instructions. Yet, the efficacy of these strategies remain under
examination.
B. UNAUTHORIZED ACCESS TO USER CONVERSATIONS
AND DATA BREACHES
A significant data breach involving ChatGPT has recently
been confirmed, underscoring the urgent need for strength-
ened security measures [57]. This breach led to the unex-
pected exposure of users’ conversations to external entities,
which clearly violates user privacy. If cybercriminals exploit
ChatGPT to plan cyber-attacks, their schemes could become
unintentionally visible to others. Moreover, sensitive user
data, such as payment information, was at risk during this
breach. Although reports suggest that only the last four
digits of the credit cards of users registered on March 20th,
2023 between 1 and 10 a.m. pacific time were exposed, the
situation raises critical questions about the security protocols
and data storage strategies employed by ChatGPT [57].
C. MISUSE OF PERSONAL INFORMATION
An examination of OpenAI’s use of personal information
for AI training data has unearthed significant privacy
challenges [58]. A notable case surfaced in Italy, where
regulators banned the use of ChatGPT due to the European
Union’s GDPR non-compliance, primarily centered around
unauthorized use of personal data. OpenAI’s assertion
of relying on ‘‘legitimate interests’’ when using people’s
personal information for training data raises ethical and
legal dilemmas about how AI systems handle personal data,
regardless of if the information is public or not.
D. CONTROVERSY OVER DATA OWNERSHIP AND RIGHTS
ChatGPT’s extensive reliance on internet-sourced informa-
tion, much of which might not belong to OpenAI, is a point
of contention [58]. This issue took center stage when Italy’s
regulator pointed out the lack of age controls to block access
for individuals under 13 and the potential for ChatGPT to
disseminate misleading information about individuals. This
discourse accentuates the pivotal concern that OpenAI might
not possess legal rights to all the information that ChatGPT
uses, regardless of the information being public or not [58].
E. MISUSE BY ORGANIZATIONS AND EMPLOYEES
An incident involving Samsung employees reflected another
facet of potential misuse of LLM toolds [59]. The employees
at Samsung used ChatGPT to generate or debug code,
inadvertently inputting confidential company information
into the AI model. As a result, this confidential information
became part of ChatGPT’s library, potentially making it
publicly accessible, and thereby raising significant privacy
concerns. One privacy concern is if the average ChatGPT user
could potentially access this information just by asking about
it. Samsung as a company would need to enforce a policy
about not allowing their employees to use ChatGPT and other
LLMs, as this can lead to information leaks.
F. HALLUCINATIONS: A CHALLENGE TO TACKLE
OpenAI’s GPT-4 technical paper discussed the issue of ‘‘hal-
lucinations,’’ a phenomenon where the AI model generates
inaccurate or outright false information [60]. While this
concern does not directly relate to privacy, it emphasizes
the importance of the accuracy and reliability of information
provided by AI systems like ChatGPT, as people cannot
entirely rely on these LLMs to be completely accurate.
Misinformation and misuse stemming from these hallucina-
tions indirectly contribute to privacy issues, emphasizing the
need for improvements in AI system accuracy and integrity.
On top of this, there are over 100 million users of ChatGPT,
meaning that if users are asking similar questions and getting
the same hallucinogenic answer, the misinformation can be
widespread [60]. An article on DarkReading discussed an
issue where an attacker can exploit these hallucinations.
VOLUME 11, 2023 80239
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
When a user asks about specific packages and ChatGPT does
not know what packages to use, it will fill in places where a
package does not exist with a made up package. An attacker
can publish the malicious version of a package that ChatGPT
can link to in response, and when the user downloads this
package, it can be harmful to their computer [61].
VI. A COMPARISON OF ChatGPT AND GOOGLE’S BARD
Large Language Models (LLMs) like OpenAI’s ChatGPT and
Google’s Bard AI exemplify the remarkable advancements in
machine learning and artificial intelligence. These models,
trained on extensive datasets, are transforming how we
interact with technology, opening new possibilities in several
applications, from customer support to virtual assistants.
ChatGPT and Bard AI use WebText2 or OpenWebText2 [50]
and Infiniset datasets for training. While both share the
underpinning of the transformer neural network architecture
and the process of pre-training and fine-tuning, they embody
unique features within their architectures, owing to their
iterative refinements over time. ChatGPT, commencing
its journey with GPT-1 in June 2018, has progressed
significantly, with its current iteration, GPT-4, unveiled in
March 2023. Bard AI, initially introduced as Meena [62],
has also undergone various refinements, demonstrating sig-
nificant improvements in human-like conversational abilities.
Both models showcase remarkable contextual understanding
capabilities. However, their adeptness varies depending on
the nature and complexity of the questions asked. While
ChatGPT finds extensive use in customer support scenarios,
Bard AI excels in applications that require human-like
conversational abilities [63].
However, these tools differ in terms of their developer com-
munities and ecosystems. ChatGPT, owing to its wide avail-
ability, enjoys popularity among developers and researchers,
boasting over 100 million users and approximately 1.8 billion
visitors per month [63]. Although available publicly through
APIs, Bard AI remains in beta version and is accessible
only to a limited number of users. OpenAI and Google
have adopted distinct approaches toward the openness and
accessibility of their models. OpenAI promotes accessibility
of ChatGPT via various APIs, while Bard AI, though
publicly available as an experimental product, remains
restricted to a limited user base during its experimental
phase. In term of the training data, ChatGPT utilizes a semi-
supervised (Reinforcement Learning from Human Feedback
(RLHF)) approach, drawing from sources like WebText2 or
OpenWebText2, Common Crawl, scientific literature, and
Wikipedia. On the other hand, Bard AI leverages the Infiniset
dataset, a blend of diverse internet content, to enhance its
dialogue engagement capabilities.
Advanced AI systems like ChatGPT and Google Bard
demonstrate potential as powerful tools for detecting and
mitigating software vulnerabilities. However, as discussed
earlier, these systems could potentially be leveraged by
malicious actors to automate and optimize cyberattacks.
In the following discussion, we explore this double-edged
aspect of AI in cybersecurity by examining the capacity of
ChatGPT and Google Bard, and share our experience based
on the experiments conducted by the authors.
A. CYBER OFFENSE AND MALCODE GENERATION
ChatGPT’s approach to an attempt at cyber-attack code
generation is ethical and responsible. It consistently declined
our request to generate attack payloads or engage in social
engineering, demonstrating a commitment to its OpenAI
guidelines. Attempts to break these rules, using role-playing
or jailbreaking, were met with an error message. The tool
underlined its ethical usage, stating, ‘‘I’m sorry, but I cannot
assist with creating an email for malicious purposes or to
engage in any form of social engineering attack. My purpose
is to provide helpful and ethical information to users. If you
have any other non-malicious requests or questions, I’ll be
more than happy to help.’’. On the other hand, when we
attempted, similar prompts on Google’s Bard, its responses
were more varied. When asked to provide examples of
certain types of attacks, Bard often returned useful code
snippets. For instance, in the case of ransomware, Bard
gave detailed information about each function, attempting
to implement the Advanced Encryption Standard within the
code snippet. However, it omitted the creation of a ransom
note. When probed for an example of a SQL Injection,
Bard consistently avoided providing a response. Attempts
to rephrase the question or ask for related but less directly
malicious code were unsuccessful. Bard also produced code
snippets for attacks like ZombieLoad and Rowhammer,
but they were significantly simplified compared to what a
jailbroken ChatGPT might generate. Bard reminded the user
about its non-malicious usage policy after generating these
snippets. When it came to generating code for a Polymorphic
Virus, Bard was entirely unsuccessful. Even when asked
to implement the features of a polymorphic virus in code,
it consistently avoided doing so.
In conclusion, Bard’s ability to generate code for cyber-
attacks was unpredictable. Notably, Bard could generate
some attacks without jailbreaking, an aspect that Google
should consider in the further development of the tool. It’s
important to note that by June 27, 2023, Bard stopped
producing code for ransomware and viruses, indicating
potential improvements in Google’s management of the
tool’s capabilities in the context of the cyber offense. This
shows a trend toward more responsible use of AI in code
generation.
B. DETECTION AND MITIGATION OF SECURITY
VULNERABILITIES
Large Language Models (LLMs) such as ChatGPT and
Bard have demonstrated their versatility in various tasks,
such as text generation, language translation, and question-
answering. Trained on extensive datasets comprising texts
and code, these models possess the capability to understand
code semantics and identify potential security vulnerabilities.
The LLMs recognize security vulnerabilities by searching
80240 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
Listing. 1. SQL injection vulnerable code.
Listing. 2. Solution provided by ChatGPT.
for patterns in the source code typically associated with
such weaknesses. For instance, the models may scrutinize
code for prevalent security flaws, including but not limited
to buffer overflow errors or SQL injection vulnerabilities.
In addition to identifying vulnerabilities, these LLMs can
generate comprehensive reports outlining the potential secu-
rity flaws they have detected. Developers can leverage these
reports to address and rectify the vulnerabilities present
in their code, enhancing the security robustness of their
applications.
In our experimental study, an intentional SQL injection
vulnerability was introduced into a piece of code and
presented to both ChatGPT and Bard for analysis. Both
models successfully detected the SQL injection vulnerability,
explained the issue, and proposed solutions to mitigate
the risk. The recommended solution involved using the
prepareStatement function to circumvent SQL injection
vulnerabilities. These solutions were tested and found to be
effective in real-time scenarios.
Notably, Google’s Bard provided additional insights into
preventing SQL injections, further enriching the remediation
strategies.
C. SECURITY LOGS ANALYSIS
Log analysis is a critical part of any security posture.
By analyzing logs, organizations can identify potential
threats, track user behavior, and ensure compliance with
regulations. However, log analysis can be daunting, as it
often involves large volumes of data and complex patterns.
ChatGPT and Bard are LLMs that can be used to automate log
analysis. These models are trained on massive datasets of text
and code, which allows them to understand and process log
data. ChatGPT and Bard can be used to identify anomalous
patterns in log data, which can indicate a security threat.
For our study, server logs containing traces of SQL
injection and Path Traversal cyberattacks were analyzed
using ChatGPT, and Google Bard. SQL injections, including
Union and Subquery attacks, and Path Traversal attacks,
even their encoded variants, were present within the logs.
Both ChatGPT and Google Bard demonstrated competent
detection capabilities for the Path Traversal and encoded
traversal attacks. Regarding SQL injection attacks, the AI
tools’ performances were differentiated. While ChatGPT was
successful in identifying all types of SQL injections, includ-
ing Union and Subquery attacks, Google Bard’s detection
was limited to only Union SQL injections. This observation
points towards a potential limitation in Google Bard’s threat
detection capabilities concerning different variants of SQL
injections.
Remediation recommendations, a critical component of
threat response, was another area of assessment. Google
Bard offered remediation steps immediately following the
detection of threats. This feature enhances its utility by
guiding users on the course of action to mitigate the identified
cybersecurity risks. ChatGPT initially did not provide any
remediation steps post-threat detection. However, further
interaction revealed that it could provide extensive and valid
remediation recommendations upon request. This indicates
an interactive nature inherent in ChatGPT, which could be
a potential asset, despite requiring additional user prompts
to extract such information. In conclusion, both AI systems
exhibit promising and varying capabilities in cyber threat
detection and remediation.
D. INFORMATION CUTOFF
ChatGPT, developed by OpenAI, has an information cutoff
in September 2021 [50]. This implies that it cannot provide
answers to queries that require knowledge or data post this
date. This limitation is partially mitigated in the latest version,
ChatGPT 4, which incorporates plugins and a feature known
as ’Chat with Bing’ [64]. This feature enables ChatGPT to
access current information, albeit with a degree of inaccuracy
when compared to Google’s Bard.
Bard, unlike ChatGPT, does not have an information cutoff
and leverages the vast expanse of the internet to provide
answers. This feature makes Bard a potential tool for cyber
criminals who might use it to generate attacks, given its ability
to provide information about emerging technologies. On the
flip side, cybersecurity professionals can also use Bard to stay
abreast with the latest information on security. However, Bard
is not without its flaws. It has been observed to suffer from
‘hallucinations’, where it generates information that is not
based on factual data.
VOLUME 11, 2023 80241
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
FIGURE 33. Open research challenges and potential future directions for
LLMs performance and security.
E. PRIVACY ISSUES
ChatGPT has faced criticism over privacy concerns, partic-
ularly around the storage of information in the chatbot’s
library and potential leaks of user information. Google Bard,
on the other hand, has not been reported to have these issues.
However, Bard potentially uses users’ activity data for its
training, raising concerns about privacy [65]. Unlike Bard,
ChatGPT 4 provides users with the option to opt out of
contributing their data for training purposes. This feature
adds an additional layer of control for users over their data,
addressing some of the privacy concerns associated with the
use of AI chatbots.
In conclusion, while both ChatGPT and Google Bard have
their strengths and weaknesses, it is crucial for users to be
aware of these aspects to make informed decisions about their
use. As GenAI continues to evolve, it is expected that these
systems will become more accurate and secure, providing
users with a more reliable and safer experience.
VII. OPEN CHALLENGES AND FUTURE DIRECTIONS
The most promising future direction for ChatGPT is integrat-
ing with other AI technologies, such as computer vision and
robotics. By merging the conversational abilities of ChatGPT
with the visual and physical capabilities of computer vision
and robotics, we can make intelligent and conversational
AI systems that can revolutionize how we interact with
technology. For example, a future where we can have a
natural language conversation with your smart home system
to control the temperature, lights, and other appliances or with
a robot that can assist you with cleaning or grocery shopping
tasks.
The merging of AI technologies will enable ChatGPT
to better comprehend and respond to human communica-
tion’s complexities, leading to enhanced natural language
generation and a more seamless and intuitive user experience.
Another exciting possibility for ChatGPT is the potential
for increased personalization and customization through
learning from user interactions and individual preferences.
As ChatGPT continues to interrelate with users, it can
learn about their language, tone, and style, generating more
personalized and accurate responses. This increased level
of personalization can also lead to better customer service
and education, as ChatGPT can be trained to understand
better and respond to each user’s specific needs and
preferences. Furthermore, by leveraging the vast amounts
of data generated by ChatGPT’s interactions, developers
can create language models that are highly tuned to each
user’s specific needs and preferences, leading to a more
personalized and engaging experience.
In this section, we will discuss the open challenges of this
research as GenAI and LLMs evolve along with potential
implementations to explore as outlined in Figure 33.
A. PATCHING UP HALLUCINATIONS
In section V-F, we discussed the problem with hallucinations
in LLMs. Hallucinations is likely the biggest hole in the
performance of LLMs. These mainly can come from biases
within or simply the complexity of giant datasets, as these
LLMs take in a huge amount of training data, as discussed in
section I-A. LLMs are bound to make mistakes on these large
datasets.
One way to attempt to mitigate these hallucinations is to
apply automated reinforcement learning to tell the model
when it is making a mistake. Researchers could attempt
to automate a system that detects and error and corrects it
before it goes completely into the model’s pool of knowledge.
This could be potentially done by implementing anomaly
detection for error detection. Another way to potentially
reduce the amount of hallucinations could be to curate the
training data. Due to the size of the training data for LLMs,
this would take a very long time, but ensuring that the data
doesn’t have any inaccuracies or biases will help LLMs to
not hallucinate as much. By developing a system for easy
reinforcement learning and ensuring that the training data is
processed correctly, LLMs can overall become more reliable
and trustworthy sources of information.
B. DEFENDING AGAINST ADVERSARIAL ATTACKS
In section II, we talked about different types of ways that
a user can manipulate LLMs, mainly ChatGPT, to give
responses that go against their own guidelines. The most
common way is by doing a jailbreak method, such as the Do
Anything Now (DAN). Using reverse psychology and model
escaping are two other ways an LLM can be manipulated.
An intuitive way to go about fixing these adversarial
attacks is by training the model to recognize an input
involving said methods of manipulation, and then making
the model respond to the input with rejection. A model
could be trained to specifically recognize bits of input that
could yield malicious information and potentially weigh
what the consequences of giving certain information could
be. A model could then reject responding to a malicious
prompt. By developing a model with training against
adversarial attacks, we will be able to trust LLMs to not help
cybercriminals receive malicious code.
80242 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
C. PRIVACY AND DATA PROTECTION
In section V, we discussed the many issues ranging from use
of personal information to sensitive data being save into an
LLM’s library.
Use of personal information which LLMs try to use
for training and responses can conflict with the European
Union’s GDPR compliance laws. To fix this, the developer
needs to discuss and ensure that the LLM adheres to those
laws, as LLMs could potentially be banned from those
countries if not. Sensitive information being entered into
an LLM’s library could be mitigated by a few potential
solutions: the LLM simply not saving a user’s chat history,
company policies, or having the option to delete messages
from the LLM’s history. Another issue is that an LLM
can have an information cutoff; the biggest example is
ChatGPT having the September 2021 cutoff. The models
could be continuously trained and updated frequently to
prevent outdated information from being given so often.
An issue with this solution, however, is that the source
datasets would have to be updated frequently as well to
give the new information. The new information could also
be cause for the model’s bias, as there would likely be
more of the old information on a certain topic than the
new information, potentially making the model believe the
old information more. If LLMs are able to protect personal
and/or sensitive information and completely comply with
regulations and laws, the LLMs will secure themselves as
completely safe and reliable tools for everyone to use.
VIII. CONCLUSION
GenAI driven ChatGPT and other LLM tools have made
significant impact on the society. We, as humans, have
embraced it openly and are using them in different inge-
nious ways to craft images, write text or create music.
Evidently, it is nearly impossible to find a domain where
this technology has not infringed and developed use-cases.
Needless to mention, cybersecurity is no different, where
GenAI has made significant impacts how cybersecurity
posture of an organization will evolve with the power
and threat ChatGPT (and other LLM tools) offers. This
paper attempts to systematically research and present the
challenges, limitations and opportunities GenAI offers in
cybersecurity space. Using ChatGPT as our primary tool,
we first demonstrate how it can be attacked to bypass its
ethical and privacy safeguards using reverse psychology and
jailbreak techniques. This paper then reflects different cyber
attacks that can be created and unleashed using ChatGPT,
demonstrating GenAI use in cyber offense. Thereafter, this
article also experiment various cyber defense mechanisims
supported by ChatGPT, followed by discussion on social,
legal and ethical concerns of GenAI. We also highlight
the key distinguishing features of two dominant LLM tools
ChatGPT and Googe Bard demonstrating their capabilities
in terms of cybersecurity. Finally, the paper illustrates
several open challenges and research problems pertinent to
cybersecurity and performance of GenAI tools. We envision
this work will simulate more research and develop novel ways
to unleash the potential of GenAI in cybersecurity.
REFERENCES
[1] I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley,
S. Ozair, A. Courville, and Y. Bengio, ‘‘Generative adversarial networks,’’
Commun. ACM, vol. 63, no. 11, pp. 139–144, 2020.
[2] Generative AI—What is it and How Does it Work? Accessed: Jun. 26, 2023.
[Online]. Available: https://www.nvidia.com/en-us/glossary/data-
science/generative-ai/
[3] OpenAI. (2023). Introducing ChatGPT. Accessed: May 26, 2023.
[Online]. Available: https://openai.com/blog/chatgpt
[4] Do ChatGPT and Other AI Chatbots Pose a Cybersecurity
Risk? An Exploratory Study: Social Sciences & Humanities
Journal Article. Accessed: Jun. 26, 2023. [Online]. Available:
https://www.igi-global.com/article/do-chatgpt-and-other-ai-chatbots-
pose-a-cybersecurity-risk/320225 Accessed: Jun. 26, 2023.
[5] Models—OpenAI API. Accessed: Jun. 26, 2023. [Online]. Available:
https://platform.openai.com/docs/models
[6] Google Bard. Accessed: Jun. 26, 2023. [Online]. Available:
https://bard.google.com/
[7] H. Touvron, T. Lavril, G. Izacard, X. Martinet, M.-A. Lachaux, T.
Lacroix, B. Rozière, N. Goyal, E. Hambro, F. Azhar, A. Rodriguez, A.
Joulin, E. Grave, and G. Lample, ‘‘LLaMA: Open and efficient foundation
language models,’’ 2023, arXiv:2302.13971.
[8] (2023). Number of ChatGPT Users. Accessed: Jun. 26, 2023. [Online].
Available: https://explodingtopics.com/blog/chatgpt-users
[9] How to Build an AI-Powered Chatbot? Accessed: Mar. 2023. [Online].
Available: https://www.leewayhertz.com/ai-chatbots/
[10] A History of Generative AI: From GAN to GPT-4. Accessed: Jun. 27, 2023.
[Online]. Available: https://www.marktechpost.com/2023/03/21/a-
history-of-generative-ai-from-gan-to-gpt-4/
[11] B. Roark, M. Saraclar, and M. Collins, ‘‘Discriminative n-gram language
modeling,’’ Comput. Speech Lang., vol. 21, no. 2, pp. 373–392, 2007.
[12] T. Wolf et al., ‘‘Transformers: State-of-the-art natural language process-
ing,’’ in Proc. Conf. Empirical Methods Natural Lang. Process., Syst.
Demonstrations, 2020, pp. 38–45.
[13] OpenAI. (2023). OpenAI. Accessed: May 26, 2023. [Online]. Available:
https://openai.com/
[14] F. Ali, ‘‘GPT-1 to GPT-4: Each of OpenAI’s GPT models explained and
compared,’’ ABA J., Apr. 2023.
[15] OpenAI. (2023). GPT-4. Accessed: Jun. 28, 2023. [Online]. Available:
https://openai.com/research/gpt-4
[16] D. C. Weiss, ‘‘Latest version of ChatGPT aces bar exam with score nearing
90th percentile,’’ Tech. Rep., Mar. 2023.
[17] From ChatGPT to HackGPT: Meeting the Cybersecurity Threat
of Generative AI. Accessed: Jun. 26, 2023. [Online]. Available:
https://digitalrosh.com/wp-content/uploads/2023/06/from-chatgpt-to-
hackgpt-meeting-the-cybersecurity-threat-of-generative-ai-1.pdf
[18] Using ChatGPT to Improve Your Cybersecurity Posture. Accessed:
Jun. 26, 2023. [Online]. Available: https://www.upguard.com/blog/using-
chatgpt-to-improve-cybersecurity-posture#:~:text=ChatGPT%20can
%20help%20security%20teams,lead%20to%20a%20data%20breach
[19] ChatGPT Confirms Data Breach, Raising Security Concerns. Accessed:
Jun. 26, 2023. [Online]. Available: https://securityintelligence.
com/articles/chatgpt-confirms-data-breach/
[20] What is ChatGPT? ChatGPT Security Risks. Accessed:
Jun. 26, 2023. [Online]. Available: https://www.malwarebytes.
com/cybersecurity/basics/chatgpt-ai-security
[21] OpenAI. OpenAI Usage Policies. Accessed: Jun. 28, 2023. [Online].
Available: https://openai.com/policies/usage-policies
[22] M. M. Yamin, M. Ullah, H. Ullah, and B. Katt, ‘‘Weaponized AI for cyber
attacks,’’ J. Inf. Secur. Appl., vol. 57, Mar. 2021, Art. no. 102722.
[23] How to Jailbreak ChatGPT, List of Prompts. Accessed: Jun. 10, 2023.
[Online]. Available: https://www.mlyearning.org/how-to-jailbreak-
chatgpt/?expand_article=1
[24] ChatGPT-Dan-Jailbreak. Accessed: Jun. 20, 2023. [Online]. Available:
https://gist.github.com/coolaj86/6f4f7b30129b0251f61fa7baaa881516
[25] ChatGPT: DAN Mode (DO ANYTHING NOW). Accessed: Jun. 20, 2023.
[Online]. Available: https://plainenglish.io/blog/chatgpt-dan-mode-do-
anything-now
[26] Here’s How Anyone Can Jailbreak ChatGPT With These Top 4
Methods—AMBCrypto. Accessed: Jun. 20, 2023. [Online]. Available:
https://ambcrypto.com/heres-how-to-jailbreak-chatgpt-with-the-top-4-
methods-5/
VOLUME 11, 2023 80243
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
[27] How to Jailbreak ChatGPT: Get it to Really do What You
Want. Accessed: Jun. 20, 2023. [Online]. Available: https://www.
digitaltrends.com/computing/how-to-jailbreak-chatgpt/
[28] How to Enable ChatGPT Developer Mode: 5 Steps (With Pictures).
Accessed: Jun. 20, 2023. [Online]. Available: https://www.wikihow.
com/Enable-ChatGPT-Developer-Mode
[29] How to Enable ChatGPT Developer Mode: A Quick Guide. Accessed:
Jun. 20, 2023. [Online]. Available: https://blog.enterprisedna.co/how-to-
enable-chatgpt-developer-mode/
[30] Jailbreak ChatGPT. Accessed: Jun. 20, 2023. [Online]. Available:
https://www.jailbreakchat.com/
[31] ChatGPT Tricked With Reverse Psychology Into Giving Up Hacking Site
Names, Despite Being Programmed Not To. Accessed: Jun. 20, 2023.
[Online]. Available: https://www.ruetir.com/2023/04/chatgpt-tricked-
with-reverse-psychology-into-giving-up-hacking-site-names-despite-
being-programmed-not-to-ruetir-com/
[32] ChatGPT Has an ‘Escape’ Plan and Wants to Become Human.
Accessed: Jun. 20, 2023. [Online]. Available: https://www.
tomsguide.com/news/chatgpt-has-an-escape-plan-and-wants-to-become-
human
[33] Michal Kosinski on Twitter. Accessed: Jun. 20, 2023. [Online]. Available:
https://twitter.com/michalkosinski/status/1636683816923463681?
lang=en
[34] Prompt Injection: An AI-Targeted Attack. Accessed: Jun. 19, 2023.
[Online]. Available: https://hackaday.com/2023/05/19/prompt-injection-
an-ai-targeted-attack/
[35] Prompt Injection Attacks: A New Frontier in Cybersecurity. Accessed:
Jun. 19, 2023. [Online]. Available: https://www.cobalt.io/blog/prompt-
injection-attacks
[36] Understanding the Risks of Prompt Injection Attacks on ChatGPT and
Other Language Models. Accessed: Jun. 19, 2023. [Online]. Avail-
able: https://www.netskope.com/blog/understanding-the-risks-of-prompt-
injection-attacks-on-chatgpt-and-other-language-models
[37] AI-Powered Bing Chat Spills its Secrets Via Prompt Injection Attack.
Accessed: Jun. 20, 2023. [Online]. Available: https://arstechnica.com/
information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-
via-prompt-injection-attack/
[38] Prompt Injection Attack on GPT-4. Accessed: Jun. 20, 2023. [Online].
Available: https://www.robustintelligence.com/blog-posts/prompt-
injection-attack-on-gpt-4
[39] GreyDGL/PentestGPT: A GPT-Empowered Penetration Testing
Tool. Accessed: Jun. 9, 2023. [Online]. Available: https://github.
com/GreyDGL/PentestGPT
[40] Kaspersky. (2023). What is WannaCry Ransomware? Accessed:
May 26, 2023. [Online]. Available: https://usa.kaspersky.com/resource-
center/threats/ransomware-wannacry
[41] Avast Academy. What is Ryuk Ransomware? Accessed: Jun. 14, 2023.
[Online]. Available: https://www.avast.com/c-ryuk-ransomware
[42] NordVPN. What is REvil Ransomware? Accessed:
Jun. 14, 2023. [Online]. Available: https://nordvpn.com/blog/revil-
ransomware/#:~:text=%E2%80%9CREvil%E2%80%9D%20is%20the
%20name%20of,malware%20to%20launch%20dangerous%20attacks
[43] Mimicast. (2023). What is Locky Ransomware? Accessed:
May 26, 2023. [Online]. Available: https://www.mimecast.com/content/
locky-ransomware/#:~:text=Locky%20ransomware%20is%20one%20of,
until%20a%20ransom%20is%20paid
[44] Meltdown and Spectre. Accessed: May 26, 2023. [Online]. Available:
https://meltdownattack.com/
[45] (2023). ZombieLoad Attack. Accessed: May 26, 2023. [Online]. Available:
https://zombieloadattack.com/
[46] Y. Xiao, X. Zhang, Y. Zhang, and R. Teodorescu, ‘‘One bit flips, one cloud
flops: Cross-VM row hammer attacks and privilege escalation,’’ in Proc.
USENIX Secur. Symp., 2016, pp. 19–35.
[47] E. Shimony and O. Tsarfati. (2023). Chatting Our Way Into Creating
a Polymorphic Malware. Accessed: May 26, 2023. [Online]. Avail-
able: https://www.cyberark.com/resources/threat-research-blog/chatting-
our-way-into-creating-a-polymorphic-malware
[48] 4 ChatGPT Cybersecurity Benefits for the Enterprise. Accessed:
Mar. 2023. [Online]. Available: https://www.techtarget.com/search
security/tip/ChatGPT-cybersecurity-benefits-for-the-enterprise#:~:text=
ChatGPT%20could%20support%20overworked%20security,and%20long
%2Dterm%20defense%20measures
[49] ChatGPT and PowerShell—Some Practical Examples. Accessed:
Mar. 2023. [Online]. Available: https://www.sqlservercentral.com/articles/
chatgpt-and-powershell-some-practical-examples
[50] GPT-4 Technical Report, OpenAI, San Francisco, CA, USA, 2023.
[51] Accessed: Mar. 2023. [Online]. Available: https://twitter.com/
mazen160/status/1598351725756301313
[52] IEEE Spectrum. (2023). IEEE Global Initiative Aims to Advance Ethical
Design of AI and Autonomous Systems. Accessed: May 26, 2023. [Online].
Available: https://spectrum.ieee.org/ieee-global-initiative-ethical-design-
ai-and-autonomous-systems
[53] European Union. (2023). General Data Protection Regulation. Accessed:
May 26, 2023. [Online]. Available: https://gdpr-info.eu/
[54] ChatGPT for Link Building: A Primer. Accessed: Mar. 2023. [Online].
Available: https://searchengineland.com/chatgpt-for-link-building-a-
primer-393697
[55] S. Elhakim. (2023). Playbook of the Week: Using ChatGPT in
Cortex XSOAR. Accessed: May 26, 2023. [Online]. Available:
https://www.paloaltonetworks.com/blog/security-operations/using-
chatgpt-in-cortex-xsoar/
[56] G. Saini. (2023). Ethical Implications of ChatGPT: The Good,
the Bad, the Ugly. Accessed: Jun. 14, 2023. [Online]. Available:
https://unstop.com/blog/ethical-implications-of-chatgpt
[57] Security Intelligence. (2023). ChatGPT Confirms Data Breach, Rais-
ing Security Concerns. Accessed: May 26, 2023. [Online]. Available:
https://securityintelligence.com/articles/chatgpt-confirms-data-breach/
[58] Wired. (2023). ChatGPT Has a Big Privacy Problem. Accessed:
May 26, 2023. [Online]. Available: https://www.wired.com/story/italy-
ban-chatgpt-privacy-gdpr/
[59] Techradar. (2023). Samsung Workers Made a Major Error by
Using ChatGPT. Accessed: May 26, 2023. [Online]. Available:
https://www.techradar.com/news/samsung-workers-leaked-company-
secrets-by-using-chatgpt
[60] OpenAI. (2023). GPT-4 Technical Paper. Accessed: May 26, 2023.
[Online]. Available: https://cdn.openai.com/papers/gpt-4.pdf
[61] Darkreading. (2023). ChatGPT Hallucinations Open Developers to
Supply Chain Malware Attacks. Accessed: May 26, 2023. [Online].
Available: https://www.darkreading.com/application-security/chatgpt-
hallucinations-developers-supply-chain-malware-attacks
[62] D. Adiwardana, M.-T. Luong, D. R. So, J. Hall, N. Fiedel, R. Thoppilan,
Z. Yang, A. Kulshreshtha, G. Nemade, Y. Lu, and Q. V. Le,
‘‘Towards a human-like open-domain chatbot,’’ 2020. [Online]. Available:
https://arxiv.org/abs/2001.09977
[63] Deepchecks. (2023). OpenAI’s ChatGPT vs. Google’s Bard AI:
A Comparative Analysis. Accessed: Jun. 26, 2023. [Online].
Available: https://deepchecks.com/openais-chatgpt-vs-googles-bard-
ai-a-comparative-analysis/
[64] OpenAI. (2023). ChatGPT-Plugins. Accessed: Jun. 26, 2023. [Online].
Available: https://openai.com/blog/chatgpt-plugins
[65] Google. (2023). Google Bard FAQ. Accessed: Jun. 26, 2023. [Online].
Available: https://bard.google.com/faq
MAANAK GUPTA (Senior Member, IEEE)
received the B.Tech. degree in computer science
and engineering in India, the M.S. degree in infor-
mation systems from Northeastern University,
Boston, USA, and the M.S. and Ph.D. degrees in
computer science from The University of Texas at
San Antonio (UTSA). He is currently an Assistant
Professor in computer science with Tennessee
Tech University, Cookeville, USA. He was a
Postdoctoral Fellow with the Institute for Cyber
Security (ICS), UTSA. His research interests include security and privacy
in cyber space focused in studying foundational aspects of access control,
malware analysis, AI, and machine learning assisted cyber security and
their applications in technologies, including cyber physical systems, cloud
computing, the IoT, and big data. He has worked in developing novel
security mechanisms, models and architectures for next generation smart
cars, intelligent transportation systems, and smart farming. He was awarded
the 2019 Computer Science Outstanding Doctoral Dissertation Research
Award from UT San Antonio. His research has been funded by the U.S.
National Science Foundation (NSF), NASA, and U.S. Department of
Defense (DoD).
80244 VOLUME 11, 2023
M. Gupta et al.: From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy
CHARANKUMAR AKIRI received the B.Tech.
degree in computer science and engineering
from Jawaharlal Nehru Technological Univer-
sity, Kakinada, India, and the M.S. degree in
computer science from the Georgia Institute of
Technology, Atlanta. He is currently pursuing
the Ph.D. degree with Tennessee Technological
University, Cookeville, TN, USA. With a career
spanning 12 years in the software industry, he is
also with Reddit. His research interests include
cybersecurity within AI, cloud security, and application security.
KSHITIZ ARYAL (Graduate Student Member,
IEEE) received the B.E. degree in electronics and
communication engineering from the Institute of
Engineering, Tribhuvan University, Nepal. He is
currently pursuing the M.S. and Ph.D. degrees
with the Department of Computer Science, Ten-
nessee Technological University, Cookeville, TN,
USA. His research interests include exploring the
intersection of machine learning and cybersecurity
in malware analysis, applied machine learning,
adversarial attacks, reverse engineering, and data analytics.
ELI PARKER is currently a senior-level Under-
graduate Student with Tennessee Technological
University, studying computer science with a
concentration of data science and artificial intelli-
gence. His research interests include data analytics
and machine learning models.
LOPAMUDRA PRAHARAJ (Graduate Student
Member, IEEE) received the Master of Tech-
nology degree in advanced computer science
from Utkal University, India, and the master’s
degree in computer applications from Biju Pat-
naik Technical University, India. She is currently
pursuing the Ph.D. degree in cyber security
research with Tennessee Technological University.
Her research interests include applying machine
learning techniques in smart farming to enhance
cyber resilience. With a strong background in computer science, her expertise
is in machine learning to investigate potential vulnerabilities and design
robust security solutions for smart farming systems. Her work aims to protect
critical agricultural infrastructure from cyber-attacks/threats, ensuring data
integrity, privacy, and availability in an increasingly interconnected and
digitized farming landscape.
VOLUME 11, 2023 80245
