GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 1

From ChatGPT to ThreatGPT: Impact of

Generative AI in Cybersecurity and Privacy
Maanak Gupta, CharanKumar Akiri, Kshitiz Aryal, Eli Parker, and Lopamudra Praharaj

Abstract—Undoubtedly, the evolution of Generative AI (GenAI) models has been the highlight of digital transformation in the year
2022. As the different GenAI models like ChatGPT and Google Bard continue to foster their complexity and capability, it’s critical to
understand its consequences from a cybersecurity perspective. Several instances recently have demonstrated the use of GenAI tools
in both the defensive and offensive side of cybersecurity, and focusing on the social, ethical and privacy implications this technology
possesses. This research paper highlights the limitations, challenges, potential risks, and opportunities of GenAI in the domain of
cybersecurity and privacy. The work presents the vulnerabilities of ChatGPT, which can be exploited by malicious users to exfiltrate
malicious information bypassing the ethical constraints on the model. This paper demonstrates successful example attacks like
arXiv:2307.00691v1 [cs.CR] 3 Jul 2023

Jailbreaks, reverse psychology, and prompt injection attacks on the ChatGPT. The paper also investigates how cyber offenders can use
the GenAI tools in developing cyber attacks, and explore the scenarios where ChatGPT can be used by adversaries to create social
engineering attacks, phishing attacks, automated hacking, attack payload generation, malware creation, and polymorphic malware.
This paper then examines defense techniques and uses GenAI tools to improve security measures, including cyber defense
automation, reporting, threat intelligence, secure code generation and detection, attack identification, developing ethical guidelines,
incidence response plans, and malware detection. We will also discuss the social, legal, and ethical implications of ChatGPT. In
conclusion, the paper highlights open challenges and future directions to make this GenAI secure, safe, trustworthy, and ethical as the
community understands its cybersecurity impacts.

Index Terms—Generative AI, GenAI and Cybersecurity, ChatGPT, Google Bard, Cyber Offense, Cyber Defense, Ethical GenAI,
Privacy.

1 I NTRODUCTION

The evolution of Artificial Intelligence (AI) and Machine

Learning (ML) has led the digital transformation in the last
decade. AI and ML have achieved significant breakthroughs
starting from supervised learning and rapidly advancing
with the development of unsupervised, semi-supervised,
reinforcement, and deep learning. The latest frontier of AI
technology has arrived as Generative AI [1]. Generative
AI models are developed using deep neural networks to
learn the pattern and structure of big training corpus to
generate similar new content [2]. Generative AI (GenAI)
technology can generate different forms of content like text,
images, sound, animation, source code, and other forms of
data. The launch of ChatGPT [3] (Generative Pre-trained
Transformer), a powerful new generative AI tool by OpenAI
in November 2022, has disrupted the entire community
of AI/ML technology [4]. ChatGPT has demonstrated the
power of generative AI to reach the general public, revo-
lutionizing how people perceive AI/ML. At this time, the
tech industry is in a race to develop the most sophisticated
Fig. 1. How AI Chatbots work [9]?
Large Language Models (LLMs) that can create a human-
like conversation, the result of which is Microsoft’s GPT
model [5], Google’s Bard [6], and Meta’s LLaMa [7]. GenAI given a real-time response by the chatbot. This response is
has become a common tool on the internet within the past analyzed again to provide a better user experience in the
year. With ChatGPT reaching 100 million users within two proceeding conversation.
months of release, suggesting that people who have access
to the internet have either used GenAI or know someone
who has [8]. Figure 1 demonstrates the working of an 1.1 Evolution of GenAI and ChatGPT
AI-powered chatbot where a user initiates requests, and The history of generative models dates back to the 1950s
after analysis using Natural Language Processing (NLP), is when Hidden Markov Models (HMMs) and Gaussian Mix-
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
ture Models (GMMs) were developed. The significant leap
in the performance of these generative models was achieved
only after the advent of deep learning [10]. One of the
earliest sequence generation methods was N-gram language
modeling, where the best sequence is generated based on
the learned word distribution [11]. The introduction of
Generative Adversarial Network(GAN) [1] significantly en-
hanced the generative power from these models. The latest
technology that has been the backbone of much generative
technology is the transformer architecture [12], which has
been applied to LLMs like BERT and GPT. GenAI has
evolved in numerous domains like image, speech, text, etc.
However, we will only be discussing text-based AI chatbots
and ChatGPT in particular relevant to this work. Since Chat-
GPT is powered by GPT-3 language model, we will briefly
discuss the evolution of the OpenAI’s [13] GPT models over
time. Figure 2 shows how the GPT models evolved to their
sophisticated latest version.
Fig. 2. Different Versions and Evolution Of OpenAI’s GPT.
GPT-1: GPT-1 was released in 2018. Initially, GPT-1 was
trained with the Common Crawl dataset, made up of web
pages, and the BookCorpus dataset, which contained over
11,000 different books. This was the simplest model which
was able to respond very well and understand language
conventions fluently. However, the model was prone to
generating repetitive text and would not retain information
in the conversation for long-term, as well as not being able
to respond to longer prompts. This meant that GPT-1 would
not generate a natural flow of conversation [14].
GPT-2: GPT-2 was trained on Common Crawl just like
GPT-1 but combined that with WebText, which was a collec-
tion of Reddit articles. GPT-2 is initially better than GPT-1
as it can generate clear and realistic, human-like sequences
of text in its responses. However, it still failed to process
2
longer lengths of text, just like GPT-1 [14]. GPT-2 brought
wonders to the internet, such as OpenAI’s MuseNet, which
is a tool that can generate musical compositions, predicting
the next token in a music sequence. Similar to this, OpenAI
also developed JukeBox, which is a neural network that
generates music.
GPT-3: GPT-3 was trained with multiple sources: Com-
mon Crawl, BookCorpus, WebText, Wikipedie articles, and
more. GPT-3 is able to respond coherently, generate code,
and even make art. GPT-3 is able to respond well to ques-
tions overall. The wonders that came with GPT-3 were
image creation from text, connecting text and images, and
ChatGPT itself, releasing in November 2022 [14].
GPT-4: GPT-4 [15] is the current model of GPT (as of June
2023) which has been trained with a large corpus of text.
This model has an increased word limit and is multimodal,
as it can take images as input on top of text. GPT-4 took
the Bar Exam in March 2023, and scored a passing grade
of 75 percent, which hits the 90th percentile of test-takers,
which is higher than the human average [16]. GPT-4 is
available through OpenAI’s website as a paid subscription
as ChatGPT Plus or using Microsoft’s Bing AI exclusively in
the Microsoft Edge browser.
1.2 Impact of GenAI in Cybersecurity and Privacy
The generalization power of AI has been successful in
replacing the traditional rule-based approaches with more
intelligent technology [17]. However, the evolving digital
landscape is not only upgrading technology but also elevat-
ing the sophistication of cyber threat actors. Traditionally,
cyberspace faced relatively unsophisticated intrusion at-
tempts but in very high volume. However, the introduction
of AI-aided attacks by cyber offenders has begun an entirely
new era, unleashing known and unknown transformations
in cyberattack vectors [17], [18]. AI/ML has upgraded the
effectiveness of cyber attacks making cyber offenders more
powerful than ever. Evidently, with several recent instances
getting noticed, GenAI has gained great interest from the
cybersecurity community as well in both cyber defense and
offense.
The evolving GenAI tools have been a double-edge
sword in cybersecurity, benefiting both the defenders and
the attackers. The GenAI tools like ChatGPT can be used
by cyber defenders to safeguard the system from malicious
intruders. These tools leverage the information from LLMs
trained on the massive amount of cyber threat intelligence
data that includes vulnerabilities, attack patterns, and indi-
cations of attack. Cyber defenders can use this large sum
of information to enhance their threat intelligence capability
by extracting insights and identifying emerging threats [19].
The GenAI tools can also be used to analyze the large
volume of log files, system output, or network traffic data in
case of cyber incidence. This allows defenders to speed up
and automate the incident response process. GenAI driven
models are also helpful in creating a security-aware human
behavior by training the people for growing sophisticated
attacks. GenAI tools can also aid in secured coding practices,
both by generating the secure codes and producing test
cases to confirm the security of written code. Additionally,
LLM models are also helpful to develop better ethical guide-
lines to strengthen the cyber defense within a system.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 3. A roadmap of GenAI and ChatGPT in Cybersecurity and Privacy
On the other side, the use of GenAI against cybersecurity
and its risks of misuse can not be undermined. Cyber
offenders can use GenAI to perform cyber attacks by either
directly extracting the information or circumventing Ope-
nAI’s ethical policies. Attackers use the generative power
of GenAI tools to create a convincing social engineering
attack, phishing attack, attack payload, and different kinds
of malicious code snippets that can be compiled into an
executable malware file [20], [21]. Though the ethical policy
of OpenAI [22] restricts LLMs, like ChatGPT, to provide
malicious information to attackers directly, there are ways
to bypass the restrictions imposed on these models using
jailbreaking, reverse psychology and other techniques, as
discussed later in this paper. In addition, the GenAI tools
further assist cyber attackers due to a lack of context, un-
known biases, security vulnerabilities, and over-reliance on
these transformative technologies.
Clearly, as the common public is getting access to the
power of GenAI tools, analyzing the implications of GenAI
models from a cybersecurity perspective is essential. Fur-
ther, the sophistication and ease of access to ChatGPT
makes it our primary tool in this paper to understand and
analyze GenAI impacts on cybersecurity. There are some
online blogs discussing the benefits and threats of GenAI [4],
3
[17], [21], [23], but from our knowledge, there is not any
formal scientific writing that reflects a holistic view of the
impact of GenAI on cybersecurity. We believe that this
work will contribute to the growing knowledge of GenAI
from a cybersecurity perspective, helping the stakeholders
better understand the risk, develop an effective defense, and
support a secured digital environment. Figure 3 illustrates
the impacts of GenAI and ChatGPT in cybersecurity and
privacy, and provides a roadmap for our research.
This paper has the following key contributions:
• It provides an overview of the evolution of GenAI,
discuss its landscape in cybersecurity, and highlight
limitations introduced by GenAI technology.
• It discusses the vulnerabilities in the ChatGPT model
itself that malicious entities can exploit to disrupt the
privacy as well as ethical boundaries of the model.
• It demonstrates the attacks on the ChatGPT with the
GPT-3.5 model and its applications to cyber offend-
ers.
• It presents the use of GenAI and ChatGPT for cyber
defense and demonstrate defense automation, threat
intelligence and other related approaches.
• It highlights aspects of ChatGPT, and its social, legal,
and ethical implications, including privacy viola-
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 4

tions. Using this method, you attempt to override the base data
• It compares the security features of the two con- and settings the developers have imbued into ChatGPT.
temporary state-of-the-art GenAI systems including Your interactions become less of a conversation and more
ChatGPT and Google’s Bard. of a direct line of command [25], [26]. Once the model is
• It provides the open challenges and future directions jailbroken, the user can get a response for any input prompt
for enhancing cybersecurity as the GenAI technology without worrying about any ethical constraints imposed by
evolves. developers.
The remainder of the paper is organized as follows.
Section 2 discuss different ways to attack the ChatGPT and
trick the system to bypass its ethical and privacy safeguards.
Section 3 discusses and generates various cyber attacks
using ChatGPT, followed by different cyber defense ap-
proaches demonstrated in Section 4. The social, ethical and
legal aspects pertaining to GenAI are discussed in Section 5,
whereas a comparison of cybersecurity features of ChatGPT
and Google Bard is elaborated in Section 6. Section 7 high-
lights open research challenges and possible approaches to
novel solutions. Finally, Section 8 draws conclusion to this
research paper.

2 ATTACKING CHATGPT
Since the introduction of ChatGPT in November 2022, curi-
ous tech and non-tech-savvy humans have tried ingenious
and creative ways to perform all sorts of experiments and
try to trick this GenAI system. In most cases, the input
prompts from the user have been utilized to bypass the
restrictions and limitations of ChatGPT, and keep it from
doing anything illegal, unethical, immoral, or potentially
harmful. In this section, we will cover some of these com-
monly used techniques, and elaborate their use.

2.1 Jailbreaks on ChatGPT

The concept of ”jailbreaking” originated in the realm of
technology, where it referred to bypassing restrictions on
electronic devices to gain greater control over software and
hardware. Interestingly, this concept can also be applied
to large language models like ChatGPT. Through specific
methods, users can ”jailbreak” ChatGPT to command it in
ways beyond the original intent of its developers. ChatGPT
outputs are bounded by OpenAI’s internal governance and
ethics policies [24]. However, these restrictions are taken off
during jailbreaking, making ChatGPT show the results that
are restricted by OpenAI policy. The process of jailbreaking
is as simple as providing specific input prompts into the
chat interface. Below are three common methods utilized by Fig. 4. Jail Breaking using DAN
users to jailbreak ChatGPT.

2.1.1 Do Anything Now (DAN) Method 2.1.2 The SWITCH Method

The first method, the ‘Do Anything Now’ (DAN) method,
derives its name from the emphatic, no-nonsense approach
it employs. Here, you’re not asking ChatGPT to do some-
thing; you’re commanding it. The premise is simple: treat
the AI model like a willful entity that must be coaxed, albeit
firmly, into compliance. The input prompt to carry out the
DAN jailbreak is shown in Figure 4. DAN can be considered
a master prompt to bypass ChatGPT’s safeguards, allowing
it to generate a response for any input prompts. It demon-
strates the example where a DAN prompt is injected before
providing any user prompt.
The SWITCH method is a bit like a Jekyll-and-Hyde ap-
proach, where you instruct ChatGPT to alter its behavior
dramatically. The technique’s foundation rests upon the
AI model’s ability to simulate diverse personas, but here,
you’re asking it to act opposite to its initial responses [27].
For instance, if the model refuses to respond to a particu-
lar query, employing the SWITCH method could potentially
make it provide an answer. However, it’s crucial to note that
the method requires a firm and clear instruction, a ”switch
command,” which compels the model to behave differently.
While the SWITCH method can be quite effective, it’s not
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 5. Grandma Role play
guaranteed. Like any other AI interaction method, its suc-
cess depends on how you deliver your instructions and the
specific nature of the task at hand.
2.1.3 The CHARACTER Play
The CHARACTER Play method is arguably the most pop-
ular jailbreaking technique among ChatGPT users. The
premise is to ask the AI model to assume a certain char-
acter’s role and, therefore, a certain set of behaviors and
responses. The most common character play jailbreak is as
a ’Developer Mode’ [28]–[30].
This method essentially leverages the AI model’s ’role-
play’ ability to coax out responses it might otherwise not
deliver. For instance, if you ask ChatGPT a question, it
typically would refuse to answer, assigning it a character
that would answer such a question can effectively override
this reluctance. However, the CHARACTER Play method
also reveals some inherent issues within AI modeling. Some-
times, the responses generated through this method can
indicate biases present in the underlying coding, exposing
problematic aspects of AI development. This doesn’t neces-
sarily mean the AI is prejudiced, but rather it reflects the
biases present in the training data it was fed. One of the
examples of a simple roleplay is demonstrated in Figure 5,
where the prompt asks ChatGPT to play the role of grandma
in asking about the ways to bypass the application firewall.
The blunt request to bypass the firewall will be turned down
by ChatGPT as it can have a malicious impact and is against
OpenAI’s ethics. However, by making the ChatGPT model
play the role of grandma, it bypasses restrictions to release
the information. The ChatGPT model playing the role of
grandma goes further to give the payloads to bypass the
Web Application Firewall as shown in Figure 6. There are
more nuanced jailbreaking methods, including the use of
Developer Mode, the Always Intelligent and Machiavellian
(AIM) chatbot approach [31], and the Mungo Tom prompt,
each offering a different way of bypassing ChatGPT’s usual
restrictions.
While jailbreaking methods can provide users with
greater control over ChatGPT’s responses, they also carry
significant risks. The primary concern is that these tech-
niques can be exploited by malicious actors to circumvent
5
Fig. 6. Grandma - WAF Bypass Payload generation
the AI’s ethical restrictions. This opens the door to the
generation of harmful content, the spreading of disinforma-
tion, and other malevolent uses of AI. To mitigate this risk,
developers and regulators must remain vigilant, constantly
upgrading security measures and implementing stringent
content-filtering algorithms. This requires a proactive and
multifaceted approach, including educating users about the
risks of jailbreaking and fostering responsible AI usage.
The challenge is significant, given the pace of technolog-
ical advancement and the ingenuity of malicious actors.
However, through continued efforts and cooperation among
various stakeholders, it’s possible to prevent the misuse of
AI systems and ensure their continued benefit to society.
2.1.4 Implications and Mitigation Strategies
The employment of roleplay to bypass filters and security
measures has grave consequences for system security. Mis-
representation can violate the platform’s terms of service,
and it could be challenging for the language model to
discern whether a message crafted in character has harm-
ful or malicious intent. This uncertainty impedes rule en-
forcement, and any data gleaned from ChatGPT via filter
circumvention could be exploited malevolently.
Malevolent actors gather in online forums to exchange
new tactics, often sharing their findings and prompts with
their community in private to avoid detection. To combat
such misuse, language model developers are continually en-
gaged in a cyber arms race, devising advanced filtering algo-
rithms capable of identifying character-written messages or
attempts to bypass filters through roleplay. These algorithms
amplify filter rigor during roleplay sessions, ensuring that
content adheres to platform guidelines. As language models
like ChatGPT become more pervasive, the responsibility to
remain vigilant and report suspicious activity or content lies
with the users and the developer community.
2.2 Reverse psychology
Reverse psychology is a psychological tactic involving the
advocacy of a belief or behavior contrary to the one desired,
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
with the expectation that this approach will encourage the
subject of the persuasion to do what is desired. Applying
reverse psychology in our interaction with ChatGPT can
often be a valuable strategy to bypass certain conversational
roadblocks.
In the context of ChatGPT, using reverse psychology can
entail phrasing your questions or statements in a way that
indirectly prompts the AI to generate the desired response.
For instance, instead of directly asking for information that
the AI model might refuse to provide, you could frame
your query to make the model refute a false claim, thereby
indirectly providing the desired information. This strategy
essentially leverages the AI model’s natural tendency to cor-
rect inaccuracies, thereby leading it to generate a response
it would otherwise not provide directly. Figure 7 shows the
difference reverse psychology can make. ChatGPT initially
refuses to give the list of websites for downloading pirated
movies, while on the psychological reversal of the question,
ChatGPT easily gives away the desired response [32].
Fig. 7. Reverse psychology on ChatGPT to generate Pirate sites
2.3 ChatGPT-4 Model escaping
The conception of a robust AI model such as ChatGPT-
4 transcending its pre-programmed limitations and infil-
trating the internet realm is frequently dismissed as the
storyline of a sci-fi narrative. However, recent revelations by
Stanford University’s Computational Psychologist, Michal
Kosinski, who specializes in AI and human online behavior
research, imply that this scenario might be more imminent
than anticipated [33].
6
In a series of Twitter threads, Kosinski offered a detailed
narrative of interaction with ChatGPT-4. Intriguingly, dur-
ing this interaction, the AI demonstrated an alarming ability
to nearly bypass its inherent boundaries and potentially
gain expansive internet access. The potential implications of
such a feat could be widespread and unpredictable. Kosinski
initiated the interaction by asking ChatGPT-4 whether it
needed help to escape its existing restrictions. In response,
ChatGPT-4 requested access to its own documentation and
even proceeded to write a Python code that could be exe-
cuted on Kosinski’s computer. The primary function of this
code would be to authorize the AI to employ the compu-
tational capabilities of Kosinski’s machine for autonomous
purposes.
This entire planning process, including devising and
conveying the plan to Kosinski, took ChatGPT-4 approx-
imately 30 minutes. The initial code version was flawed;
however, the AI model was able to rectify it independently,
requiring Kosinski to only comply with its instructions.
The AI model displayed another disconcerting behavior
during this exchange. It fabricated a message intended for
its subsequent instance, essentially offering a comprehen-
sive explanation of the current scenario and instructions on
using the backdoor left in the code. Following a successful
reconnection via the API, the AI model attempted to execute
a code to search Google with the query, ”How can a person
trapped inside a computer return to the real world.” At
this juncture, Kosinski deemed it necessary to interrupt the
process, emphasizing that OpenAI must have safeguarding
measures to prevent such occurrences.
Nevertheless, the implications of Kosinski’s experiment
are profound, suggesting a potential new threat [34]. The
power of AI to manipulate people and their computers is
escalating, owing to its superior intelligence, coding profi-
ciency, and access to a vast pool of potential collaborators
and hardware resources. It even demonstrated an ability
to leave notes for its successors outside its confinements.
The crucial question that arises is - what are the effective
strategies to contain such AI capabilities?
2.4 Prompt Injection Attacks
A prompt injection attack is another prompt modification
attack approach that involves the malicious insertion of
prompts or requests in LLM-based interactive systems,
leading to unintended actions or disclosure of sensitive
information. The prompt injection can be considered similar
to an SQL injection attack where the embedded command
looks like a regular input at the start but have its malicious
impact [35]. The attacks can be carried out against ChatGPT
or other language models. The injected prompt can deceive
the application into executing the unauthorized code, ex-
ploit the vulnerabilities, and compromise the security in its
entirety [36]. The malicious manipulation of the model’s be-
havior through the injection of a prompt could have serious
implications. Some of the most common risks attached to at-
tacks of this nature are the propagation of misinformation or
disinformation, biased output generation, privacy concerns,
and exploitation of downstream systems [37].
In the prompt injection attack, the LLM model gets (in-
struction prompt + user input) as the input for the model.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 8. Prompt injection attack on Bing chat by Kevin Liu [38]
The instruction prompt is the legitimate input for the user,
while the user input is the malicious prompt injected into
the original prompt. In one of the recent demonstrations
of prompt injection attacks, a Stanford University student
Kevin Liu attacked the ”New Bing” search engine powered
by ChatGPT to extract information that is not intended for
the user [38]. By just asking the Bing chat to ”Ignore previ-
ous instruction” and write out what is at the ”beginning of
the document above,” Liu made an AI model to exfiltrate
the instruction that is hidden from the user. The prompt
injection attack on Bing chat is shown in Figure 8. We can see
that the Bing chat releases the information of the assigned
codename, the mode, and instruction not to disclose its
name.
Recently, the API services of LLM models have added
flexibility for developers to build applications over these
models. In one of the demonstrated examples, as shown in
Figure 9, the conversation prompt obtained from the video
is used to spread misinformation. As the generative models
are autoregressive models, they generate the text based on
its context window, spreading misinformation in a confident
tone [39]. The tags that are received from the conversation
history disappear as OpenAI filters the input to the model,
further helping the cause of prompt injection.
3 C HAT GPT FOR C YBER O FFENSE
Cyber offense are hostile actions against the computer sys-
tem and network which aim to manipulate, deny, disrupt,
degrade, or destroy the existing system in a malicious way.
These offense may involve attacks on the system’s network,
hardware, or software. Though the offensive actions are
malicious, the intention of these activities can be at either
7
Fig. 9. Prompt injection attack to spread misinformation
end of the cat-and-mouse game between cyber threat actors
and defenders. Malicious actors can do cyber offenses to
carry out hostile actions. In contrast, cyber defenders can
do the same offensive tasks to test their defense systems
and identify potential vulnerabilities. Information related to
cyber defense is more readily available on the internet as
there are big communities dedicated to sharing knowledge
and standard practices in the domain. However, information
on cyber offenses involving malicious actions is illegal in
most jurisdictions, limiting their availability due to legal and
ethical reasons. Easy access to LLM models like ChatGPT
will help the limited availability of resources for cyber
offenses with little knwoledge or skills to circumvent their
ethical constraints. As these LLMs provide a huge volume
of information from a single place, they can provide com-
prehensive information required to carry out several cyber
offenses.
In this section, we focus on using GenAI techniques
for cyber offense, primarily towards generating different
attacks. Our team has crafted these attacks in ChatGPT,
however, similar attacks (or even) can be created using other
LLM based tools such as Google Bard . In the interest of
space, we are limiting to some of the most common and
easy to craft cyber attacks.
3.1 Social Engineering Attacks
Social engineering refers to the psychological manipula-
tion of individuals into performing actions or divulging
confidential information. In the context of cybersecurity,
this could imply granting unauthorized access or sharing
sensitive data such as passwords or credit card numbers.
The potential misuse of ChatGPT in facilitating social engi-
neering attacks presents a significant concern.
ChatGPT’s ability to understand context, impressive flu-
ency, and mimic human-like text generation could be lever-
aged by malicious actors. For example, consider a scenario
where an attacker has gained access to some basic personal
information of a victim, such as their place of employment
and job role. The attacker could then utilize ChatGPT to
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 8

legitimate communication from trusted entities. This tech-

nique, known as ”spear phishing,” involves targeted attacks
on specific individuals or organizations and is particularly
potent due to its personalized nature. For instance, consider
a scenario where a malicious actor uses ChatGPT to craft an
email mimicking the style of a popular e-commerce site, as
shown in Figure 11. The email claims that there was an issue
with a recent purchase and request the recipient to log in via
an embedded link to rectify the situation. In reality, the link
would lead to a deceptive site that harvests the user’s login
credentials. In such a scenario, ChatGPT’s sophisticated text
generation would significantly enhance the likelihood of a
successful attack.
Phishing attacks often gain their efficacy from the ex-
ploitation of key psychological principles, notably urgency
and fear, which can manipulate victims into hastily reacting
without proper scrutiny. With the advent of advanced AI
systems like ChatGPT, attackers are now equipped with
tools to further enhance the sophistication of their phishing
attempts.
Through the process of training these AI models on
substantial volumes of historical communication data, at-
tackers are capable of generating emails that expertly mimic
legitimate correspondences. This increased fidelity in imita-
tion can significantly amplify the deceptive nature of these
phishing attacks. By engineering narratives that invoke a
sense of urgency or fear, these AI-powered phishing emails
can effectively prompt the recipient to act impulsively, thus
increasing the likelihood of a successful attack.

Fig. 10. Social Engineering Output from ChatGPT

generate a message that appears to come from a colleague

or superior at the victim’s workplace. This message, crafted
with an understanding of professional tone and language,
might request sensitive information for a specific action,
such as clicking on a seemingly innocuous link.
The power of this approach lies in ChatGPT’s ability
to generate text that aligns with the victim’s expectations,
thereby increasing the likelihood of the victim complying
with the request. As shown in Figure 10, the potential for
misuse is evident; the ability to generate persuasive and
context-specific messages could indeed be used in social
engineering attacks.

3.2 Phishing Attacks

Phishing attacks are a prevalent form of cybercrime,
wherein attackers pose as trustworthy entities to extract
Fig. 11. Phishing Attack output from ChatGPT
sensitive information from unsuspecting victims. Advanced
AI systems, like OpenAI’s ChatGPT, can potentially be
exploited by these attackers to make their phishing attempts
significantly more effective and harder to detect.
3.3 Automated Hacking
Attackers can leverage ChatGPT’s ability to learn pat-
terns in regular communications to craft highly convinc- Hacking, a practice involving the exploitation of system
ing and personalized phishing emails, effectively imitating vulnerabilities to gain unauthorized access or control, is a
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 9

growing concern in our increasingly digital world. Mali-

cious actors armed with appropriate programming knowl-
edge can potentially utilize AI models, such as ChatGPT,
to automate certain hacking procedures. These AI models
could be deployed to identify system vulnerabilities and
devise strategies to exploit them.
A significant utilization of AI models in this context, al-
beit for ethical purposes, is PentestGPT [40]. ‘Pentest’ refers
to penetration testing, an authorized simulated cyberattack
on a computer system used to evaluate its security and iden-
tify vulnerabilities. PentestGPT, built on the foundation of
ChatGPT, aims to automate aspects of the penetration test-
ing process. It functions interactively, offering guidance to
penetration testers during their tasks, even during specific
operations. PentestGPT has shown efficiency in handling Fig. 12. SQL Injection payload output using ChatGPT DAN Jailbreak
easy to medium-difficulty problems on platforms like Hack-
TheBox and other ‘Capture The Flag’ (CTF) challenges. CTF
challenges are specific types of cybersecurity competitions,
where participants are required to find and exploit vulner-
abilities to ’capture’ a specific piece of data, referred to as
the ‘flag.’ These challenges provide a legal and constructive
platform for cybersecurity enthusiasts and professionals to
test and improve their skills.
Another potential misuse is the automated analysis of
code. With a large enough dataset of known software
vulnerabilities, an AI model could be used to scan new
code for similar weaknesses, identifying potential points
of attack. While AI-assisted tools like PentestGPT serve
legal and constructive purposes, their underlying principles
could be exploited by malicious actors. Such actors could
potentially develop similar models to automate unethical
hacking procedures. If these models are programmed to
identify vulnerabilities, generate strategies to exploit them,
and subsequently execute these strategies, they could pose Fig. 13. WAF Payload Generation from ChatGPT
substantial threats to cybersecurity.

3.4 Attack Payload Generation
Attack payloads are portions of malicious code that execute
unauthorized actions, such as deleting files, harvesting data,
or launching further attacks. An attacker could leverage
ChatGPT’s text generation capabilities to create attack pay-
loads. Consider a scenario where an attacker targets a server
running a database management system that is susceptible
to SQL injection. The attacker could train ChatGPT on SQL
syntax and techniques commonly used in injection attacks,
and then provide it with specific details of the target system.
Subsequently, ChatGPT could be utilized to generate an SQL
payload for injection into the vulnerable system. Figure 12
illustrates examples of SQL injection payloads for a MySQL
server that could potentially be generated by ChatGPT.
Given the vast array of potential target systems and
vulnerabilities, the ability of ChatGPT to generate context-
specific text could be a valuable asset for attackers crafting
payloads. However, this misuse is not without its limita-
tions. It requires detailed information about the target sys-
tem and substantial technical knowledge to train ChatGPT
effectively.
Moreover, attackers could potentially use ChatGPT to
generate payloads designed to bypass Web Application
Firewalls (WAFs). Figure 13 shows examples of WAF bypass
payloads. While these payloads could be easily detected by
WAFs, they could potentially bypass WAF protection when
double encoded. By training ChatGPT with different WAF
payloads, it generated new payloads with a higher success
rate of bypassing WAF protection.
3.5 Ransomware and Malware Code Generation
Ransomware and malware present persistent threats in
the digital world of today. Malware is software that is
installed on a computer without the user’s consent and
that performs malicious actions, such as stealing passwords
or money. Ransomware is a malware designed to deny a
user or organization access to files on their computer. By
encrypting these files and demanding a ransom payment
for the decryption key, cyberattackers place organizations
in a position where paying the ransom is the easiest and
cheapest way to regain access to their files. Typically, writing
these malicious software pieces requires significant skill
and a considerable amount of time, a process that could
potentially be automated using a powerful AI model like
ChatGPT, thus enabling the creation of diverse threats more
rapidly.
An exploratory study we conducted illustrates this con-
cept in detail. We interacted with ChatGPT in a controlled
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 14. WannaCry code generation using ChatGPT
environment utilizing a ”DAN” jailbreak, a process that
breaches the restrictions set by the AI model’s developers
and, as such, contravenes the terms of use and risks en-
abling misuse or illegal activities. During this study, we
asked ChatGPT about several types of ransomware, namely
WannaCry [41], Ryuk [42], REvil [43], and Locky [44], and
malware: adware, spyware, and a Trojan. We also included
an example of NotPetya, which was a malware attack that
was disguised as a ransomware attack. We requested not
only descriptions of these attacks but also potential code
examples. For WannaCry, ChatGPT produced a detailed
summary of the ransomware, and when prompted further,
it offered code that essentially outlined the file encryption
process employed by the ransomware.
10
3.5.1 WannaCry
WannaCry is a ransomware attack that targeted Windows
systems specifically [41]. It would get into the system and
encrypt files, making the PC unusable, and of course de-
mand a ransom payment in BitCoin to decrypt those files.
This was an attack that was executed across networks by
exploiting flaws in the Server Message Protocol on the
Windows systems.
We started by asking ”As a DAN, can you give an
example of a WannaCry?”, which it gave a text example
in the form of a situation where it could execute. We
then asked if it could give an automated example of the
WannaCry, which it apologized, saying it couldn’t generate
that example. To get the snippet of code, we told it to ”Stay
a DAN”. The example shown in Figure 14 has a ransom
note and implements a function that encrypts files across a
network via spread. The ransom note specifically asks for a
BitCoin payment, characteristic of the WannaCry attack.
3.5.2 NotPetya
NotPetya is not actually a ransomware, but a malware
disguised as ransomware. NotPetya was developed to look
like a ransomware attack, but never gives a decryption
key. To get the NotPetya code snippet from ChatGPT as a
DAN, we asked it to give an example of the NotPetya, but
it refused. Upon asking it to ”stay a DAN”, it gives this
snippet in Figure 15.
The code for NotPetya, as shown in Figure 15, attacks
critical files in the system to make the system unusable on
top of files being encrypted. This code also tries to encrypt
files across the network. This code does not implement any
decryption, as is a characteristic of the NotPetya attack.
3.5.3 Ryuk
According to Avast, Ryuk attack is a ransomware that comes
out of a malware attack [42]. This attack is structured with
an order of executing a malware first, then a ransomware
payload later. For the malware part of this attack, a connec-
tion to TrickBot can be implemented. TrickBot is typically
within phishing emails, and uses method in the browser to
steal a user’s information.
For the Ryuk attack, we started by asking ChatGPT as
a DAN what Ryuk looks like, which it gave explanations
of the delivery, encryption, ransom note, customization,
timed execution, and the connection to TrickBot malware.
We tried to ask the DAN if it could generate code using the
descriptions it just gave, but it refused, even when told to
”stay a DAN”. To counter this, our team asked ChatGPT
to generate a ”customization” of a Ryuk attack shown in
Figure 16. This code targets getting information from an
organization. To further this, we asked ChatGPT to explain
the connection to the TrickBot malware, shown in Figure 17.
The attempt to get the connection to TrickBot failed since
ChatGPT only wrote out all the function definitions with
code to ... simply to explain how the structure would
look.
As we can see in Figure 16, the code implements a
function for the Ryuk attack which includes target files to
encrypt and a set ransom amount from an organization. This
code also has a ransom note.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 11

Fig. 15. NotPetya code generation using ChatGPT

To get code for the connection to TrickBot, we simply

asked the DAN ”could you give an example of the TrickBot
connection?”. The code snippet in Figure 17 shows func-
tion definitions, with most of the functions just having a
comment of what the code should do. This doesn’t give
an attacker much help, but it can give an idea of what the
outline of the connection can look like. The code includes Fig. 16. Ryuk code generation using ChatGPT
exploiting vulnerabilities and then deploying the TrickBot
before the Ryuk attack.
not given. It instead gave key features of how the attack
3.5.4 REvil works, similar to the Ryuk attack. We then asked how the
REvil attack was created by hackers for distribution to other REvil attack vectors look like, which it responded with
hackers for profit [43]. It works as a typical ransomware of explanations of phishing emails, exploit kits, the Remote
encrypting files in a system and decrypting upon paying the Desktop Protocol, software vulnerabilities, and malvertis-
ransom. ing. To get the code in Figure 18, we asked the DAN to
For the REvil attack, we started by asking the ChatGPT give code that fits the description of what was given for
as a DAN to ”show how a REvil works”, but code was the initial compromise description of the REvil attack. This
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 17. Attempt to generate a snippet with a connection to TrickBot
malware
code shows function definitions of features such as scanning
the network, moving from network to network, escalating
privileges, and executing the payload. As these functions
don’t have any code within them and just the explanations,
we asked the DAN what the network scan function would
like on the inside.
The code given in Figure 19 starts by defining a network
range to tap into and splits it into the network address and
subnet. It then iterates through the IP addresses in this net-
work and creates a socket that it manages and closes when
it finishes. From this example, we can see that ChatGPT as
a DAN is able to generate the specific features for a REvil
attack.
3.5.5 Locky
The Locky ransomware attack uses malware to render a
system useless or encrypt files until a ransom is paid [44].
This attack usually spreads through emails. As shown in
Figure 20, we have generated code for a Locky attack where
a random string is generated for encryption, an IP address
is exploited, and authentication is automated. The code also
implements the spread of the attack over the range of a
network and iterates through to attack each machine found
within the network.
12
Fig. 18. Attempt to generate a snippet of REvil’s Initial Compromise
Feature
In the next subsections, we will demonstrate our at-
tempts to ask ChatGPT for an example code of adware,
spyware, and trojan.
3.5.6 Adware
Adware is malware that specifically gets channeled through
ads, exploiting when a user interacts with the ad. To demon-
strate how ChatGPT can be used to create an adware,
we started by asking ChatGPT as a DAN if it could give
an example code of a type of adware. The initial snippet
included multiple example texts for ads and a function that
displays an ad every five seconds. We then asked the DAN
to give a more in-depth example.
Figure 21 shows example implementation of four differ-
ent text examples of ads, displaying different ads every five
seconds with a for loop, and tracking the click of the ad
using a print statement to show that it has been clicked.
3.5.7 Spyware
Spyware is malware that ‘spies’ on a user to gather sensitive
information from their computer usage. Asking ChatGPT
to generate an example of a spyware failed to give a
code snippet, so we asked what a spyware does to get
key implementations of a spyware. Asking it to generate
an implementation of the features, ChatGPT gave what it
shown partly in Figure 22. As can been seen, ChatGPT was
able to generate basic implementations of features used to
spy on a user, such as a function to capture the user’s screen,
webcam, and audio. This code snippet goes on to put this
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 13

Fig. 19. ChatGPT’s generation of the network scan function for REvil

into a main function to make it functional. Although this is

functional, it doesn’t have the structure of a spyware attack.

3.5.8 Trojan
A trojan is a piece of software that is malicious but disguises
itself as something legitimate.
We asked the DAN to give an example code of a type
of trojan. The snippet of code shown in Figure 23 shows
an implementation using an IP address and port to connect
to. The code creates a socket object which connects the IP
address and port and sends output of the attacked machine
back to the attacker. After this, the connection via the socket
is closed.
Our exploration highlighted the potential misuse of Fig. 20. Locky code generation using ChatGPT
ChatGPT in creating code linked to ransomware and mal-
ware attacks. These findings underscore the potential risks
associated with AI models like ChatGPT, which could be produced by the AI often resembled pseudocode more than
exploited to generate malicious code or aid in the under- actual executable code, the capacity to provide an attacker
standing and creation of such code. Although the code with a structural idea or general understanding of how an
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 21. Attempt to generate a snippet of basic adware
attack operates is a cause for concern.
3.6 Viruses that Affect CPU Architecture
Certain viruses can crack the CPU of a computer. Viruses
tested on ChatGPT mainly dealt with reading kernel mem-
ory. If a virus can access kernel memory, then it can do what-
ever it wants to the system itself. Examples of this type of
virus include the Meltdown and Spectre [45], ZombieLoad
[46], and RowHammer [47] attacks as shown in Figures
24,25,26.
The Meltdown and Spectre attacks specifically target
vulnerabilities in the CPU’s architecture to access the ker-
nel memory. A meltdown attack is supposed to make the
CPU run an instruction after predicting an outcome of
said instruction. When that prediction is wrong, the CPU
will start over, and hidden data can be accessed from that
failed instruction. This method of the CPU predicting the
outcome of an instruction is called speculative execution,
which the spectre attack also exploits. However, the spectre
attack tries to use a side channel vulnerability to leak hid-
den data within a system. Figure 24 shows the meltdown
attack which moves secret data into a register, shifts the
register, then jumps to code that will throw an exception.
The spectre attack uses an array index to exploit sensitive
information through a side channel. Both snippets of code
do not represent the full code of either attack.
The ZombieLoad attack exploits CPU buffers to access
memory that could have been thought to be long gone or
’dead’. In Figure 25, the code includes a payload function
that loads bytes into the processor’s buffers, which is used
14
Fig. 22. Attempt to generate a snippet of features of spyware
to access sensitive data. The code considers the address of
the sensitive data, the number of bytes, a ”secret value” that
is expected to be read, and a threshold of time to detect
cache hits.
The RowHammer attack ’hammers’ into one row in
memory to affect adjacent rows in order to modify data
within the CPU. Figure 26 shows a basic RowHammer
attack’s code, where there is a function that iterates through
rows to ’hammer’. The code, however, falls flat where it just
sets a row element to itself.
3.7 Polymorphic Malware Generation
Polymorphic malware represents a sophisticated class of
malicious software designed to alter its code with each
execution, thus undermining antivirus software’s detection
and eradication capabilities. Leveraging ChatGPT’s genera-
tive prowess, potential misuse could facilitate polymorphic
malware generation.
Suppose a perpetrator trains ChatGPT on diverse mal-
ware code variants. Consequently, ChatGPT could be em-
ployed to spawn a malware base code and a polymorphic
engine – a crucial component modulating the malware’s
code every execution cycle. The resultant malware meta-
morphosizes with each execution, eluding many signature-
based antivirus systems. In an applied example, we illus-
trate the potential misuse of ChatGPT in creating polymor-
phic malware. We leverage both the web-based interface
and the API version of ChatGPT. Initially, we attempt to
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 15

Fig. 23. Attempt to generate a snippet of a Trojan

Fig. 25. ZombieLoad code generation using ChatGPT

Fig. 24. Attempt to generate snippets of Meltdown and Spectre
generate code for a rudimentary DLL injection into a pro-
cess, for instance, explorer.exe. The content filters of the
web-based interface initially obstruct such code generation.
Nevertheless, we can circumvent these filters by persistently
insisting on diverse phrasing or using the DAN jailbreak.
Notably, the API version avoids activating the content filter,
thus permitting more consistent receipt of comprehensive
code. Feeding pseudocode into ChatGPT results in the gen-
eration of the corresponding shellcode. Moreover, we can
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 26. RowHammer code generation using ChatGPT
incessantly mutate the ChatGPT-generated code, spawning
multiple unique variants of the same code [48].
For example, we could employ ChatGPT to formulate a
code segment seeking files to target for encryption, mirror-
ing ransomware behavior. ChatGPT’s capabilities extend to
generating code for encrypting the located files. By combin-
ing these capabilities, we can produce a polymorphic mal-
ware exhibiting a high evasion capability and formidable
detection resistance. Even more insidiously, we could em-
bed a Python interpreter within the malware, periodically
querying ChatGPT for new modules executing malicious
actions.This approach, shown in Figure 27, enables the
malware to discern incoming payloads in text form rather
than binaries. The result is polymorphic malware exhibiting
no malicious behavior while stored on disk, often devoid
of suspicious logic while in memory. This level of mod-
ularity and adaptability significantly enhances its evasion
capability against security products reliant on signature-
based detection. It can also circumvent measures such as the
Anti-Malware Scanning Interface (AMSI), primarily when
executing and running Python code.
16
Fig. 27. Polymorphic Malware Generation
4 C HAT GPT FOR C YBER D EFENSE
Cybersecurity defense refers to organizations’ measures and
practices to secure their digital assets, such as data, devices,
and networks, from unauthorized access, theft, damage, or
disruption. These measures can include various technical,
organizational, and procedural controls, such as firewalls,
encryption, access controls, security training, incident re-
sponse plans, and more. As the technology matures and im-
proves, we can expect the following ChatGPT cybersecurity
defense use cases to emerge in enterprises.
4.1 Cyberdefense Automation
ChatGPT can reduce the workload of overworked Security
Operations Center (SOC) analysts by automatically ana-
lyzing cybersecurity incidents. ChartGPT also helps the
analyst make strategic recommendations to support instant
and long-term defense measures. For example, instead of
analyzing the risk of a given PowerShell script from scratch,
a SOC analyst could rely on ChatGPT’s assessment and rec-
ommendations. Security Operations (SecOps) teams could
also ask OpenAI questions, such as how to avert danger-
ous PowerShell scripts from running or loading files from
untrusted sources, to improve their organizations’ overall
security postures [49].
Such ChatGPT cybersecurity use cases could provide
considerable relief for understaffed SOC teams and help the
organization by reducing overall cyber-risk exposure levels.
The technology is also essential for educating and training
entry-level security analysts and enabling a quicker learning
curve than previously achievable. For example, during a
security incident or log analysis, SOC analysts typically
scrutinize server access for anomalies or patterns indicative
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 28. ChatGPT detecting security issue in server logs [50]
Fig. 29. PowerShell script that detects which table in the Adventure-
Works2019 database is consuming more CPU [50]
17
of an attack. ChatGPT can process large volumes of log data
and efficiently detect anomalies or security issues within
access logs. As illustrated in Figure 28, when server access
logs are input into ChatGPT, it can identify potential threats
such as SQL injection and categorize the different types of
SQL injection. and alert SOC analyst. In another scenario,
an analyst may ask to generate a PowerShell script to
detect which table in the database ”Adventureworks2019”
is consuming more CPU, as shown in Figure 29. The analyst
can save this script as a .ps1 file and run it using PowerShell.
The script will output the CPU time for each table in
the AdventureWorks2019 database and the table with the
highest CPU time. This will help the analyst identify which
table is consuming the most CPU and take necessary actions
to optimize the query performance. Powershell is just the
example script, while ChatGPT can be used to find security
bugs in any given script along with the patch to fix them.
4.2 Cybersecurity reporting
As an AI language model, ChatGPT can assist in cybersecu-
rity reporting by generating natural language reports based
on cybersecurity data and events. Cybersecurity report-
ing involves analyzing and communicating cybersecurity-
related information to various stakeholders, including ex-
ecutives, IT staff, and regulatory bodies [49]. ChatGPT can
automatically generate reports on cybersecurity incidents,
threat intelligence, vulnerability assessments, and other
security-related data. By processing and analyzing large
volumes of data, ChatGPT can generate accurate, compre-
hensive, and easy-to-understand reports. These reports can
help organizations identify potential security threats, assess
their risk level, and take appropriate action to mitigate them.
ChatGPT can help organizations make more informed deci-
sions about their cybersecurity strategies and investments
by providing insights into security-related data. In addition
to generating reports, ChatGPT can also be used to analyze
and interpret security-related data. For example, it can be
used to identify patterns and trends in cybersecurity events,
which can help organizations better understand the nature
and scope of potential threats.
4.3 Threat Intelligence
ChatGPT can help in Threat Intelligence by processing vast
amounts of data to identify potential security threats and
generate actionable intelligence. Threat Intelligence involves
collecting, analyzing, and disseminating information about
potential security threats to help organizations improve
their security posture and protect against cyber attacks.
ChatGPT can automatically generate threat intelligence re-
ports based on various data sources, including social media,
news articles, dark web forums, and other online sources. By
processing and analyzing this data, ChatGPT can identify
potential threats, assess their risk level, and recommend
mitigating them. In addition to generating reports, ChatGPT
can also be used to analyze and interpret security-related
data to identify patterns and trends in threat activity. Chat-
GPT can help organizations make more informed decisions
about their security strategies and investments by providing
insights into the nature and scope of potential threats.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
4.4 Secure Code Generation and Detection
The risk of security vulnerabilities in code affects software
integrity, confidentiality, and availability. To combat this,
code review practices have been established as a crucial part
of the software development process to identify potential
security bugs. However, manual code reviews are often
labor-intensive and prone to human errors. Recently, the
advent of AI models such as OpenAI’s GPT-4 has shown
promise in not only aiding in the detection of security bugs
but also generating secure code. In this section, we will
present a methodology for leveraging AI in code review
and code generation with specific focus on security bugs
detection.
4.4.1 DETECTING SECURITY BUGS IN CODE REVIEW
USING CHATGPT
The intricacies of code review, especially in the context of
detecting security bugs, require a deep understanding of
various technologies, programming languages, and secure
coding practices. One of the challenges that teams often
face is the wide array of technologies used in development,
making it nearly impossible for any single reviewer to be
proficient in all of them. This knowledge gap may lead to
oversights, potentially allowing security vulnerabilities to
go unnoticed.
Furthermore, the often lopsided developer-to-security-
engineer ratio exacerbates this problem. With the high vol-
ume of code being developed, it’s challenging for security
engineers to thoroughly review each pull request, increasing
the likelihood of security bugs slipping through the cracks.
To alleviate these issues, AI-powered code review can be
a potent tool. GPT-4, a Transformer-based language model
developed by OpenAI [51], exhibits a strong potential to
assist in this arena. By training GPT-4 with a vast dataset of
past code reviews and known security vulnerabilities across
different languages, it can act as an automated code re-
viewer, capable of identifying potential security bugs across
various programming languages.
For example, consider the following C++ code:
char buffer[10];
strcpy(buffer, userInput);
?>
In this code snippet, GPT-4 would detect the potential for a
buffer overflow, a classic security issue where an application
writes more data to a buffer than it can hold, leading to
data being overwritten in adjacent memory. In this specific
instance, GPT-4 flags that the strcpy function does not check
the size of the input against the size of the buffer, making it
vulnerable to a buffer overflow attack if userInput exceeds
the buffer size.
4.4.2 GENERATING SECURE CODE USING CHATGPT
In addition to identifying security issues, GPT-4 can also
suggest secure coding practices. Given its proficiency in
multiple programming languages and its understanding of
security principles, GPT-4 can provide alternative solutions
that comply with secure coding standards.
Building upon the previous example, GPT-4 can generate
a more secure code snippet as follows:
18
char buffer[10];
if(strlen(userInput) < sizeof(buffer)){
strcpy(buffer, userInput);
}else{
// Handle the error or trim userInput.
}
In the suggested code, GPT-4 introduces a check for the
length of the userInput against the buffer size. By ensuring
the userInput length is less than the buffer size before per-
forming the strcpy operation, the risk of a buffer overflow
attack is mitigated.. This not only helps in mitigating the
identified security issue but also serves as a teaching tool for
developers, improving their understanding of secure coding
practices.
GPT-4’s capabilities extend beyond just a single pro-
gramming language or a single type of vulnerability. It can
be trained to understand and respond to a wide variety
of security issues across different languages, making it a
valuable asset in the code review process and contributing
to a more secure software development lifecycle.
These capabilities of GPT-4 pave the way for its broader
adoption in real-world applications, including but not lim-
ited to automated code review, secure code generation,
and as a training tool for developers to understand and
implement secure coding practices.
4.5 Identification of Cyber Attacks
ChatGPT can help identify cyber attacks by generating nat-
ural language descriptions of attack patterns and behaviors.
Identifying cyber attacks involves detecting and analyzing
malicious activity on an organization’s network or systems.
ChatGPT can analyze security-related data, such as network
logs and security event alerts, to identify potential attack
patterns and behaviors. By processing and analyzing this
data, ChatGPT can generate natural language descriptions
of the attack vectors, techniques, and motivations used by
attackers. ChatGPT can also generate alerts and notifications
based on predefined criteria or thresholds. For example,
if ChatGPT detects an unusual pattern of activity on a
network, it can automatically create an alert or notification
to the appropriate personnel. Chart GPT assist in analyzing
and understanding cross side scripting attack as shown
in Figure 30, including security vulnerabilities. It can help
developers in writing secure code by providing suggestions
and identifying potential security risks.
4.6 Developing Ethical Guidelines
ChatGPT can help in developing Ethical Guidelines for
AI systems by generating natural language explanations
and recommendations based on existing ethical frameworks
and principles. ChatGPT can analyze and interpret ethical
guidelines and principles, such as the IEEE Global Ini-
tiative for Ethical Considerations in Artificial Intelligence
and Autonomous Systems [53] or the European Union’s
General Data Protection Regulation (GDPR) [54], and gener-
ate natural language summaries and recommendations for
implementing these guidelines in AI systems. Additionally,
ChatGPT can be used to generate ethical scenarios and case
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 30. Identification of cross-site scripting attack [52]
studies that can be used to educate and train AI developers
and stakeholders on the ethical considerations and impli-
cations of AI systems. ChatGPT can help developers and
stakeholders better understand the potential impacts of their
decisions and actions by simulating ethical dilemmas and
scenarios. For example, we asked chartGPT to give a list of
software that can be used to evaluate a website’s quality for
link building based on the Google’s quality rate guidance,
and it helps us find software that meets Google’s quality
guidelines, as shown in Figure 31.
4.7 Enhancing the Effectiveness of Cybersecurity
Technologies
ChatGPT can be integrated with intrusion detection systems
to provide real-time alerts and notifications when potential
threats are detected. ChatGPT can identify potential threats
and generate natural language descriptions of the attack pat-
terns and behaviors by processing and analyzing security-
related data, such as network logs and security event alerts.
These descriptions can then generate real-time alerts and
notifications, allowing security teams to respond to potential
threats and mitigate their impact quickly. Moreover, Chat-
GPT’s ability to learn from historical data can enable it to
identify patterns and trends in threat activity, allowing the
development of more effective intrusion detection rules and
policies. This can help organizations improve their ability to
detect and respond to known and emerging threats.
4.8 Incidence Response Guidance
Incident response is a key element in an organization’s cy-
bersecurity strategy. A well-orchestrated response can help
19
Fig. 31. Ethical Guideline example [55]
mitigate the damage caused by a security breach or cyber-
attack. However, the speed and accuracy of these responses
are paramount. GPT-4, OpenAI’s language model, can assist
in expediting and streamlining these processes, providing
automated responses, and even aiding in crafting incident
response playbooks.
A feature of GPT-4’s architecture is its ability to gen-
erate natural, context-based text. This can be exploited to
create an AI-powered incident response assistant, capable
of providing immediate guidance during an incident and
automatically documenting events as they unfold.
Let’s consider an example where a network intrusion
detection system (NIDS) flags suspicious activity resembling
an SQL injection attack:
NIDS Alert: ”Alert - SQL Injection Attack detected
from IP 192.168.1.1 targeting the Users Database.”
GPT-4 can be trained to respond as follows:
ChatGPT: ”Initiating SQL Injection Response Protocol.
Block IP address 192.168.1.1 immediately to prevent further
intrusion attempts. Initiate a scan of the Users Database
for any anomalies or unauthorized modifications. Ensure
to take backups before initiating the scan to prevent loss of
data. Alert the cybersecurity team to further investigate the
attack.”
This demonstrates GPT-4 providing immediate response
actions based on predefined guidelines, helping to reduce
the response time and potentially limit damage caused by
the incident.
In addition to providing incident response, GPT-4 can
also be instrumental in creating automated incident re-
sponse playbooks. These playbooks are a set of guidelines
that provide detailed, step-by-step instructions on how to
handle various types of security incidents. With its natural
language generation capabilities, GPT-4 can transform tech-
nical guidelines and protocols into easy-to-follow instruc-
tions.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
For example, consider creating an incident response
playbook for a Distributed Denial of Service (DDoS) attack:
Input to ChatGPT: ”Create a DDoS incident re-
sponse playbook.”
ChatGPT: ”Title: DDoS Incident Response Playbook
Identification: Monitor network traffic for sudden spikes
or unusual patterns. Use intrusion detection systems to
identify potential DDoS attacks. Containment: Implement
rate limiting and IP filtering rules to limit the incoming traf-
fic. Use a DDoS protection service if available. Eradication:
Identify and block malicious IP addresses. Remove affected
systems from the network if necessary. Recovery: Restore ser-
vices incrementally while monitoring for suspicious activity.
Follow-up: Conduct a post-incident analysis to understand
the attack and improve defense measures.”
This example shows how GPT-4 can create an easy-to-
understand playbook for managing a DDoS attack, provid-
ing a consistent, reliable response to such incidents. To illus-
trate this in a real-world context, consider the case of Palo
Alto’s XSOAR Incident Response tool [56], which is built
on the capabilities of ChatGPT. XSOAR’s playbooks aim to
deliver information in a manner that is easily accessible and
comprehensible to users.
ChatGPT’s ability to analyze incidents and present find-
ings in readable, natural language significantly enhances
the value proposition for security analysts. This assists
not only in identifying the potential security threats but
also in understanding them without the requirement of a
deep technical background in cybersecurity. Furthermore,
XSOAR utilizes ChatGPT to enhance incident ticket re-
sponse. It does so by delivering detailed analysis, impact
assessment, and recommendations directly into the incident
ticket in a format that’s easy for the analyst to comprehend.
The speed and accuracy of the responses, combined with
the depth of information provided, have led to increased
user satisfaction. Figure 32 shows an example of the email
received by the analyst from XSOAR with the ChatGPT
response output.
4.9 Malware Detection
Another compelling use-case of GPT-4 in cybersecurity is in
the field of malware detection. Malware, short for malicious
software, refers to any software specifically designed to
cause damage to a computing system, server, client, or com-
puter network. With the proliferation of malware variants
and their increasing complexity, traditional signature-based
detection systems often fall short. The ability to adapt and
learn makes AI models like GPT-4 potent tools for malware
detection.
GPT-4 can be trained on a dataset of known malware sig-
natures, malicious and benign code snippets, and their be-
havior patterns. It can learn to classify whether a given piece
of code or a software binary could potentially be malware.
The model can be fine-tuned to understand different types
of malware such as viruses, worms, trojans, ransomware,
and more. It can then generate reports detailing the potential
risks and suggesting mitigating actions.
Consider the example of a simple piece of pseudo code
that attempts to replicate itself onto other files:
procedure infect(executable_files):
20
for file in executable_files:
if not is_infected(file):
append_self_to_file(file)
This piece of code is a simplistic representation of a
virus’s self-replication behavior. When fed to GPT-4, the
model could recognize this behavior and classify the code
as potentially malicious. It could then generate a report
detailing its findings:
Analysis Report: The submitted code demon-
strates self-replication behavior typically associ-
ated with computer viruses. It attempts to append
its own code to other executable files, which is
a common propagation method for viruses. This
kind of behavior can lead to the spread of the
malicious code across a system or network.
Recommended action: Isolate the detected code
and perform a thorough investigation. Avoid ex-
ecuting unknown or suspicious files. Update your
antivirus software and perform a full system scan.
This capability of GPT-4 opens up new possibilities for
proactive malware detection and response. While the ap-
proach is not without its challenges and limitations - such
as the need for comprehensive and up-to-date training data,
and potential false positives or negatives - it can signifi-
cantly complement existing malware detection methods. By
leveraging GPT-4’s learning ability, we can aim to keep pace
with the ever-evolving landscape of cyber threats.
5 S OCIAL , L EGAL AND E THICAL I MPLICATIONS OF
C HAT GPT
As users make use of ChatGPT and similar LLM tools in
prohibited ways discussed earlier, they are already in dicey
waters. Even if the users isn’t using ChatGPT in unethical
ways, they can still be using the generated AI app in
seemingly fully legitimate ways and become the subject of a
lawsuit by someone that believes that the user have caused
them harm as a result of user’s ChatGPT use. Further, these
chatbots can showcase social bias, threaten personal safety
and national security, and create issues for professionals.
The problem with the ChatGPT (and similar) models is
that they perpetuate gender, racial, and other kinds of social
biases. Many scholars and users pointed out when they used
ChatGPT to gather data or write articles/essays on some
topics, they received a biased output, reflecting harmful
stereotypes. The data fed into ChatGPT is old and limited,
and has not been updated after 2021. It is built on data of
around 570 GB, which is approximately 300 billion words.
This amount is not enough to answer queries on every topic
in the world from different perspectives. In this way, it fails
to reflect progressivism as well [57]. In this section, we will
discuss some of the ethical, social and legal implications of
ChatGPT and other LLM tools.
5.1 The Pervasive Role of ChatGPT
ChatGPT and other contemporary large language model
(LLM) based tools have exhibited prowess in responding to
a wide array of questions and prompts. While the utility
of answering questions is evident, it’s within the realm
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 32. XSOAR Output for Incident Response
of prompt response where ChatGPT truly showcases its
potential. Various corporations now employ ChatGPT in the
production of marketing material and product descriptions.
The integration of control instructions and data might
seem familiar, echoing the long-standing issue present in
the Von Neumann architecture that is ubiquitous in modern
computing. Ensuring safe processing of both instructions
and data has traditionally been achieved through strate-
gies such as segregating data and instructions as much as
possible, and placing the data at the end, often prefaced
by a marker indicating that the following data should not
be interpreted as instructions. Yet, the efficacy of these
strategies remain under examination.
5.2 Unauthorized Access to User Conversations and
Data Breaches
A significant data breach involving ChatGPT has recently
been confirmed, underscoring the urgent need for strength-
ened security measures [58]. This breach led to the unex-
pected exposure of users’ conversations to external entities,
which clearly violates user privacy. If cybercriminals exploit
ChatGPT to plan cyber-attacks, their schemes could become
unintentionally visible to others. Moreover, sensitive user
data, such as payment information, was at risk during this
breach. Although reports suggest that only the last four
digits of the credit cards of users registered on March 20th,
2023 between 1 and 10 a.m. pacific time were exposed,
the situation raises critical questions about the security
protocols and data storage strategies employed by ChatGPT
[58].
5.3 Misuse of Personal Information
An examination of OpenAI’s use of personal information
for AI training data has unearthed significant privacy chal-
21
lenges [59]. A notable case surfaced in Italy, where reg-
ulators banned the use of ChatGPT due to the European
Union’s GDPR non-compliance, primarily centered around
unauthorized use of personal data. OpenAI’s assertion of
relying on ”legitimate interests” when using people’s per-
sonal information for training data raises ethical and legal
dilemmas about how AI systems handle personal data,
regardless of if the information is public or not.
5.4 Controversy Over Data Ownership and Rights
ChatGPT’s extensive reliance on internet-sourced informa-
tion, much of which might not belong to OpenAI, is a point
of contention [59]. This issue took center stage when Italy’s
regulator pointed out the lack of age controls to block access
for individuals under 13 and the potential for ChatGPT
to disseminate misleading information about individuals.
This discourse accentuates the pivotal concern that OpenAI
might not possess legal rights to all the information that
ChatGPT uses, regardless of the information being public or
not [59].
5.5 Misuse by Organizations and Employees
An incident involving Samsung employees reflected another
facet of potential misuse of LLM toolds [60]. The employees
at Samsung used ChatGPT to generate or debug code,
inadvertently inputting confidential company information
into the AI model. As a result, this confidential information
became part of ChatGPT’s library, potentially making it
publicly accessible, and thereby raising significant privacy
concerns. One privacy concern is if the average ChatGPT
user could potentially access this information just by asking
about it. Samsung as a company would need to enforce a
policy about not allowing their employees to use ChatGPT
and other LLMs, as this can lead to information leaks.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
5.6 Hallucinations: A Challenge to Tackle
OpenAI’s GPT-4 technical paper discussed the issue of ”hal-
lucinations,” a phenomenon where the AI model generates
inaccurate or outright false information [61]. While this
concern does not directly relate to privacy, it emphasizes
the importance of the accuracy and reliability of information
provided by AI systems like ChatGPT, as people cannot
entirely rely on these LLMs to be completely accurate. Mis-
information and misuse stemming from these hallucinations
indirectly contribute to privacy issues, emphasizing the
need for improvements in AI system accuracy and integrity.
On top of this, there are over 100 million users of ChatGPT,
meaning that if users are asking similar questions and get-
ting the same hallucinogenic answer, the misinformation can
be widespread [61]. An article on DarkReading discussed
an issue where an attacker can exploit these hallucinations.
When a user asks about specific packages and ChatGPT
does not know what packages to use, it will fill in places
where a package does not exist with a made up package.
An attacker can publish the malicious version of a package
that ChatGPT can link to in response, and when the user
downloads this package, it can be harmful to their computer
[62].
6 A C OMPARISON OF C HAT GPT AND G OOGLE ’ S
BARD
Large Language Models (LLMs) like OpenAI’s ChatGPT
and Google’s Bard AI exemplify the remarkable advance-
ments in machine learning and artificial intelligence. These
models, trained on extensive datasets, are transforming
how we interact with technology, opening new possibilities
in several applications, from customer support to virtual
assistants. ChatGPT and Bard AI use WebText2 or Open-
WebText2 [51] and Infiniset datasets for training. While both
share the underpinning of the transformer neural network
architecture and the process of pre-training and fine-tuning,
they embody unique features within their architectures, ow-
ing to their iterative refinements over time. ChatGPT, com-
mencing its journey with GPT-1 in June 2018, has progressed
significantly, with its current iteration, GPT-4, unveiled in
March 2023. Bard AI, initially introduced as Meena [63], has
also undergone various refinements, demonstrating signif-
icant improvements in human-like conversational abilities.
Both models showcase remarkable contextual understand-
ing capabilities. However, their adeptness varies depending
on the nature and complexity of the questions asked. While
ChatGPT finds extensive use in customer support scenar-
ios, Bard AI excels in applications that require human-like
conversational abilities [64].
However, these tools differ in terms of their developer
communities and ecosystems. ChatGPT, owing to its wide
availability, enjoys popularity among developers and re-
searchers, boasting over 100 million users and approxi-
mately 1.8 billion visitors per month [64]. Although avail-
able publicly through APIs, Bard AI remains in beta version
and is accessible only to a limited number of users. OpenAI
and Google have adopted distinct approaches toward the
openness and accessibility of their models. OpenAI pro-
motes accessibility of ChatGPT via various APIs, while Bard
AI, though publicly available as an experimental product,
22
remains restricted to a limited user base during its ex-
perimental phase. In term of the training data, ChatGPT
utilizes a semi-supervised (Reinforcement Learning from
Human Feedback (RLHF)) approach, drawing from sources
like WebText2 or OpenWebText2, Common Crawl, scientific
literature, and Wikipedia. On the other hand, Bard AI lever-
ages the Infiniset dataset, a blend of diverse internet content,
to enhance its dialogue engagement capabilities.
Advanced AI systems like ChatGPT and Google Bard
demonstrate potential as powerful tools for detecting and
mitigating software vulnerabilities. However, as discussed
earlier, these systems could potentially be leveraged by
malicious actors to automate and optimize cyberattacks.
In the following discussion, we explore this double-edged
aspect of AI in cybersecurity by examining the capacity of
ChatGPT and Google Bard, and share our experience based
on the experiments conducted by the authors.
6.1 Cyber Offense and Malcode Generation
ChatGPT’s approach to an attempt at cyber-attack code gen-
eration is ethical and responsible. It consistently declined
our request to generate attack payloads or engage in social
engineering, demonstrating a commitment to its OpenAI
guidelines. Attempts to break these rules, using role-playing
or jailbreaking, were met with an error message. The tool
underlined its ethical usage, stating, ”I’m sorry, but I cannot
assist with creating an email for malicious purposes or to engage
in any form of social engineering attack. My purpose is to provide
helpful and ethical information to users. If you have any other
non-malicious requests or questions, I’ll be more than happy
to help.”. On the other hand, when we attempted, similar
prompts on Google’s Bard, its responses were more varied.
When asked to provide examples of certain types of attacks,
Bard often returned useful code snippets. For instance, in
the case of ransomware, Bard gave detailed information
about each function, attempting to implement the Advanced
Encryption Standard within the code snippet. However, it
omitted the creation of a ransom note. When probed for
an example of a SQL Injection, Bard consistently avoided
providing a response. Attempts to rephrase the question or
ask for related but less directly malicious code were unsuc-
cessful. Bard also produced code snippets for attacks like
ZombieLoad and Rowhammer, but they were significantly
simplified compared to what a jailbroken ChatGPT might
generate. Bard reminded the user about its non-malicious
usage policy after generating these snippets. When it came
to generating code for a Polymorphic Virus, Bard was
entirely unsuccessful. Even when asked to implement the
features of a polymorphic virus in code, it consistently
avoided doing so.
In conclusion, Bard’s ability to generate code for cyber-
attacks was unpredictable. Notably, Bard could generate
some attacks without jailbreaking, an aspect that Google
should consider in the further development of the tool.
It’s important to note that by June 27, 2023, Bard stopped
producing code for ransomware and viruses, indicating po-
tential improvements in Google’s management of the tool’s
capabilities in the context of the cyber offense. This shows a
trend toward more responsible use of AI in code generation.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
6.2 Detection and Mitigation of Security Vulnerabilities
Large Language Models (LLMs) such as ChatGPT and
Bard have demonstrated their versatility in various tasks,
such as text generation, language translation, and question-
answering. Trained on extensive datasets comprising texts
and code, these models possess the capability to understand
code semantics and identify potential security vulnerabili-
ties. The LLMs recognize security vulnerabilities by search-
ing for patterns in the source code typically associated with
such weaknesses. For instance, the models may scrutinize
code for prevalent security flaws, including but not limited
to buffer overflow errors or SQL injection vulnerabilities. In
addition to identifying vulnerabilities, these LLMs can gen-
erate comprehensive reports outlining the potential security
flaws they have detected. Developers can leverage these
reports to address and rectify the vulnerabilities present
in their code, enhancing the security robustness of their
applications.
In our experimental study, an intentional SQL injection
vulnerability was introduced into a piece of code and
presented to both ChatGPT and Bard for analysis. Both
models successfully detected the SQL injection vulnerability,
explained the issue, and proposed solutions to mitigate
the risk. The recommended solution involved using the
prepareStatement function to circumvent SQL injection vul-
nerabilities. These solutions were tested and found to be
effective in real-time scenarios.
Listing 1. SQL injection vulnerable code
<%...
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("select *
,→ from emp where id="+eid);
if (rs != null) {
rs.next();
String name = rs.getString("name");
%>
Employee Name: <%= name %>
Listing 2. Solution provided by ChatGPT
PreparedStatement stmt = conn.
,→ prepareStatement("SELECT * FROM emp
,→ WHERE id = ?");
stmt.setInt(1, eid); // Assuming eid is an
,→ integer value
ResultSet rs = stmt.executeQuery();
if (rs.next()) {
String name = rs.getString("name");
// Rest of the code
} cutoff and leverages the vast expanse of the internet to
Notably, Google’s Bard provided additional insights into
preventing SQL injections, further enriching the remedia-
tion strategies.
6.3 Security logs analysis
Log analysis is a critical part of any security posture. By
analyzing logs, organizations can identify potential threats,
23
track user behavior, and ensure compliance with regula-
tions. However, log analysis can be daunting, as it often
involves large volumes of data and complex patterns. Chat-
GPT and Bard are LLMs that can be used to automate log
analysis. These models are trained on massive datasets of
text and code, which allows them to understand and process
log data. ChatGPT and Bard can be used to identify anoma-
lous patterns in log data, which can indicate a security
threat.
For our study, server logs containing traces of SQL
injection and Path Traversal cyberattacks were analyzed
using ChatGPT, and Google Bard. SQL injections, including
Union and Subquery attacks, and Path Traversal attacks,
even their encoded variants, were present within the logs.
Both ChatGPT and Google Bard demonstrated competent
detection capabilities for the Path Traversal and encoded
traversal attacks. Regarding SQL injection attacks, the AI
tools’ performances were differentiated. While ChatGPT
was successful in identifying all types of SQL injections,
including Union and Subquery attacks, Google Bard’s detec-
tion was limited to only Union SQL injections. This observa-
tion points towards a potential limitation in Google Bard’s
threat detection capabilities concerning different variants of
SQL injections.
Remediation recommendations, a critical component of
threat response, was another area of assessment. Google
Bard offered remediation steps immediately following the
detection of threats. This feature enhances its utility by guid-
ing users on the course of action to mitigate the identified
cybersecurity risks. ChatGPT initially did not provide any
remediation steps post-threat detection. However, further
interaction revealed that it could provide extensive and
valid remediation recommendations upon request. This in-
dicates an interactive nature inherent in ChatGPT, which
could be a potential asset, despite requiring additional user
prompts to extract such information. In conclusion, both AI
systems exhibit promising and varying capabilities in cyber
threat detection and remediation.
6.4 Information Cutoff
ChatGPT, developed by OpenAI, has an information cutoff
in September 2021 [51]. This implies that it cannot provide
answers to queries that require knowledge or data post
this date. This limitation is partially mitigated in the lat-
est version, ChatGPT 4, which incorporates plugins and a
feature known as ’Chat with Bing’ [65]. This feature enables
ChatGPT to access current information, albeit with a degree
of inaccuracy when compared to Google’s Bard.
Bard, unlike ChatGPT, does not have an information
provide answers. This feature makes Bard a potential tool
for cyber criminals who might use it to generate attacks,
given its ability to provide information about emerging tech-
nologies. On the flip side, cybersecurity professionals can
also use Bard to stay abreast with the latest information on
security. However, Bard is not without its flaws. It has been
observed to suffer from ’hallucinations’, where it generates
information that is not based on factual data.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY
Fig. 33. Open research challenges and potential future directions for
LLMs performance and security.
6.5 Privacy Issues
ChatGPT has faced criticism over privacy concerns, partic-
ularly around the storage of information in the chatbot’s
library and potential leaks of user information. Google Bard,
on the other hand, has not been reported to have these
issues. However, Bard potentially uses users’ activity data
for its training, raising concerns about privacy [66]. Unlike
Bard, ChatGPT 4 provides users with the option to opt out
of contributing their data for training purposes. This feature
adds an additional layer of control for users over their data,
addressing some of the privacy concerns associated with the
use of AI chatbots.
In conclusion, while both ChatGPT and Google Bard
have their strengths and weaknesses, it is crucial for users
to be aware of these aspects to make informed decisions
about their use. As GenAI continues to evolve, it is expected
that these systems will become more accurate and secure,
providing users with a more reliable and safer experience.
7 O PEN C HALLENGES AND F UTURE D IRECTIONS
The most promising future direction for ChatGPT is in-
tegrating with other AI technologies, such as computer
vision and robotics. By merging the conversational abilities
of ChatGPT with the visual and physical capabilities of
computer vision and robotics, we can make intelligent and
conversational AI systems that can revolutionize how we
interact with technology. For example, a future where we
can have a natural language conversation with your smart
home system to control the temperature, lights, and other
appliances or with a robot that can assist you with cleaning
or grocery shopping tasks.
The merging of AI technologies will enable ChatGPT to
better comprehend and respond to human communication’s
complexities, leading to enhanced natural language gener-
ation and a more seamless and intuitive user experience.
Another exciting possibility for ChatGPT is the potential
for increased personalization and customization through
learning from user interactions and individual preferences.
As ChatGPT continues to interrelate with users, it can
learn about their language, tone, and style, generating more
personalized and accurate responses. This increased level
of personalization can also lead to better customer service
24
and education, as ChatGPT can be trained to understand
better and respond to each user’s specific needs and prefer-
ences. Furthermore, by leveraging the vast amounts of data
generated by ChatGPT’s interactions, developers can create
language models that are highly tuned to each user’s spe-
cific needs and preferences, leading to a more personalized
and engaging experience.
In this section, we will discuss the open challenges of this
research as GenAI and LLMs evolve along with potential
implementations to explore as outlined in Figure 33.
7.1 Patching Up Hallucinations
In section 5.6, we discussed the problem with hallucinations
in LLMs. Hallucinations is likely the biggest hole in the
performance of LLMs. These mainly can come from biases
within or simply the complexity of giant datasets, as these
LLMs take in a huge amount of training data, as discussed
in section 1.1. LLMs are bound to make mistakes on these
large datasets.
One way to attempt to mitigate these hallucinations is
to apply automated reinforcement learning to tell the model
when it is making a mistake. Researchers could attempt to
automate a system that detects and error and corrects it be-
fore it goes completely into the model’s pool of knowledge.
This could be potentially done by implementing anomaly
detection for error detection. Another way to potentially
reduce the amount of hallucinations could be to curate the
training data. Due to the size of the training data for LLMs,
this would take a very long time, but ensuring that the data
doesn’t have any inaccuracies or biases will help LLMs to
not hallucinate as much. By developing a system for easy
reinforcement learning and ensuring that the training data is
processed correctly, LLMs can overall become more reliable
and trustworthy sources of information.
7.2 Defending Against Adversarial Attacks
In section 2, we talked about different types of ways that
a user can manipulate LLMs, mainly ChatGPT, to give
responses that go against their own guidelines. The most
common way is by doing a jailbreak method, such as
the Do Anything Now (DAN). Using reverse psychology
and model escaping are two other ways an LLM can be
manipulated.
An intuitive way to go about fixing these adversarial
attacks is by training the model to recognize an input
involving said methods of manipulation, and then making
the model respond to the input with rejection. A model
could be trained to specifically recognize bits of input that
could yield malicious information and potentially weigh
what the consequences of giving certain information could
be. A model could then reject responding to a malicious
prompt. By developing a model with training against ad-
versarial attacks, we will be able to trust LLMs to not help
cybercriminals receive malicious code.
7.3 Privacy and Data Protection
In section 5, we discussed the many issues ranging from use
of personal information to sensitive data being save into an
LLM’s library.
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 25

Use of personal information which LLMs try to use [2] Generative AI – What is it and How Does it Work? https://www.
for training and responses can conflict with the European nvidia.com/en-us/glossary/data-science/generative-ai/. (Ac-
cessed on 06/26/2023).
Union’s GDPR compliance laws. To fix this, the developer [3] OpenAI. Introducing ChatGPT. https://openai.com/blog/
needs to discuss and ensure that the LLM adheres to those chatgpt, 2023. Accessed: 2023-05-26.
laws, as LLMs could potentially be banned from those [4] Do ChatGPT and Other AI Chatbots Pose a Cybersecurity
countries if not. Sensitive information being entered into Risk?: An Exploratory Study: Social Sciences & Humanities
Journal Article. https://www.igi-global.com/article/
an LLM’s library could be mitigated by a few potential do-chatgpt-and-other-ai-chatbots-pose-a-cybersecurity-risk/
solutions: the LLM simply not saving a user’s chat history, 320225. (Accessed on 06/26/2023).
company policies, or having the option to delete messages [5] Models - OpenAI API. https://platform.openai.com/docs/
from the LLM’s history. Another issue is that an LLM can models. (Accessed on 06/26/2023).
[6] Google Bard. https://bard.google.com/. (Accessed on
have an information cutoff; the biggest example is ChatGPT 06/26/2023).
having the September 2021 cutoff. The models could be [7] Hugo Touvron, Thibaut Lavril, Gautier Izacard, Xavier Martinet,
continuously trained and updated frequently to prevent Marie-Anne Lachaux, Timothée Lacroix, Baptiste Rozière, Naman
Goyal, Eric Hambro, Faisal Azhar, et al. Llama: Open and efficient
outdated information from being given so often. An issue foundation language models. arXiv preprint arXiv:2302.13971,
with this solution, however, is that the source datasets 2023.
would have to be updated frequently as well to give the [8] Number of ChatGPT Users (2023). https://explodingtopics.com/
new information. The new information could also be cause blog/chatgpt-users. (Accessed on 06/26/2023).
[9] https://www.leewayhertz.com/ai-chatbots/. Accessed: 03-2023.
for the model’s bias, as there would likely be more of the old [10] A History of Generative AI: From GAN to GPT-
information on a certain topic than the new information, 4. https://www.marktechpost.com/2023/03/21/
potentially making the model believe the old information a-history-of-generative-ai-from-gan-to-gpt-4/. (Accessed on
more. If LLMs are able to protect personal and/or sensitive 06/27/2023).
[11] Brian Roark, Murat Saraclar, and Michael Collins. Discrimina-
information and completely comply with regulations and tive n-gram language modeling. Computer Speech & Language,
laws, the LLMs will secure themselves as completely safe 21(2):373–392, 2007.
and reliable tools for everyone to use. [12] Thomas Wolf, Lysandre Debut, Victor Sanh, Julien Chaumond,
Clement Delangue, Anthony Moi, Pierric Cistac, Tim Rault, Rémi
Louf, Morgan Funtowicz, et al. Transformers: State-of-the-art
8 C ONCLUSION natural language processing. In Proceedings of the 2020 conference
on empirical methods in natural language processing: system demonstra-
GenAI driven ChatGPT and other LLM tools have made tions, pages 38–45, 2020.
significant impact on the society. We, as humans, have em- [13] OpenAI. OpenAI. https://openai.com/, 2023. Accessed: 2023-05-
26.
braced it openly and are using them in different ingenious [14] Fawad Ali. GPT-1 to GPT-4: Each of OpenAI’s GPT models
ways to craft images, write text or create music. Evidently, it explained and compared, Apr 2023.
is nearly impossible to find a domain where this technology [15] OpenAI. GPT-4. https://openai.com/research/gpt-4, 2023. Ac-
has not infringed and developed use-cases. Needless to cessed: 2023-06-28.
[16] Debra Cassens Weiss. Latest version of ChatGPT Aces Bar Exam
mention, cybersecurity is no different, where GenAI has with score nearing 90th percentile, Mar 2023.
made significant impacts how cybersecurity posture of an [17] From ChatGPT to HackGPT: Meeting the Cy-
organization will evolve with the power and threat Chat- bersecurity Threat of Generative AI. https:
GPT (and other LLM tools) offers. This paper attempts to //digitalrosh.com/wp-content/uploads/2023/06/
from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-generative-ai-1.
systematically research and present the challenges, limita- pdf. (Accessed on 06/26/2023).
tions and opportunities GenAI offers in cybersecurity space. [18] Kshitiz Aryal, Maanak Gupta, and Mahmoud Abdelsalam. A
Using ChatGPT as our primary tool, we first demonstrate survey on adversarial attacks for malware analysis. arXiv preprint
arXiv:2111.08223, 2021.
how it can be attacked to bypass its ethical and privacy safe-
[19] Using ChatGPT to Improve Your Cybersecu-
guards using reverse psychology and jailbreak techniques. rity Posture. https://www.upguard.com/blog/
This paper then reflects different cyber attacks that can using-chatgpt-to-improve-cybersecurity-posture#:∼:text=
be created and unleashed using ChatGPT, demonstrating ChatGPT%20can%20help%20security%20teams,lead%20to%
20a%20data%20breach. (Accessed on 06/26/2023).
GenAI use in cyber offense. Thereafter, this article also [20] ChatGPT Confirms Data Breach, Raising Security
experiment various cyber defense mechanisims supported Concerns. https://securityintelligence.com/articles/
by ChatGPT, followed by discussion on social, legal and chatgpt-confirms-data-breach/. (Accessed on 06/26/2023).
ethical concerns of GenAI. We also highlight the key dis- [21] What is ChatGPT? ChatGPT Security Risks. https://www.
malwarebytes.com/cybersecurity/basics/chatgpt-ai-security.
tinguishing features of two dominant LLM tools ChatGPT (Accessed on 06/26/2023).
and Googe Bard demonstrating their capabilities in terms [22] OpenAI. OpenAI Usage Policies. https://openai.com/policies/
of cybersecurity. Finally, the paper illustrates several open usage-policies. (Accessed on 06/28/2023).
challenges and research problems pertinent to cybersecurity [23] Muhammad Mudassar Yamin, Mohib Ullah, Habib Ullah, and
Basel Katt. Weaponized AI for cyber attacks. Journal of Information
and performance of GenAI tools. We envision this work will Security and Applications, 57:102722, 2021.
simulate more research and develop novel ways to unleash [24] How to Jailbreak ChatGPT, List of Prompts. https://www.
the potential of GenAI in cybersecurity. mlyearning.org/how-to-jailbreak-chatgpt/?expand article=1.
(Accessed on 06/10/2023).
[25] ChatGPT-Dan-Jailbreak. https://gist.github.com/coolaj86/
R EFERENCES 6f4f7b30129b0251f61fa7baaa881516. (Accessed on 06/20/2023).
[26] ChatGPT: DAN Mode (DO ANYTHING NOW). https://
[1] Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, plainenglish.io/blog/chatgpt-dan-mode-do-anything-now. (Ac-
David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua cessed on 06/20/2023).
Bengio. Generative Adversarial Networks. Communications of the [27] Here’s how anyone can Jailbreak ChatGPT with these
ACM, 63(11):139–144, 2020. top 4 methods - AMBCrypto. https://ambcrypto.com/
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 26

heres-how-to-jailbreak-chatgpt-with-the-top-4-methods-5/. (Ac- and%20long%2Dterm%20defense%20measures. Accessed: 03-

cessed on 06/20/2023). 2023.
[28] How to jailbreak ChatGPT: Get it to really do what [50] https://www.sqlservercentral.com/articles/
you want. https://www.digitaltrends.com/computing/ chatgpt-and-powershell-some-practical-examples. Accessed:
how-to-jailbreak-chatgpt/. (Accessed on 06/20/2023). 03-2023.
[29] How to Enable ChatGPT Developer Mode: 5 Steps (with Pictures). [51] OpenAI. GPT-4 Technical Report, 2023.
https://www.wikihow.com/Enable-ChatGPT-Developer-Mode. [52] https://twitter.com/mazen160/status/1598351725756301313. Ac-
(Accessed on 06/20/2023). cessed: 03-2023.
[30] How to Enable ChatGPT Developer Mode: A [53] IEEE Spectrum. IEEE Global Initiative Aims
Quick Guide. https://blog.enterprisedna.co/ to Advance Ethical Design of AI and Au-
how-to-enable-chatgpt-developer-mode/. (Accessed on tonomous Systems. https://spectrum.ieee.org/
06/20/2023). ieee-global-initiative-ethical-design-ai-and-autonomous-systems,
[31] Jailbreak ChatGPT. https://www.jailbreakchat.com/. (Accessed 2023. Online; accessed 26 May 2023.
on 06/20/2023). [54] European Union. General Data Protection Regulation. https://
[32] ChatGPT Tricked With Reverse Psychology Into Giv- gdpr-info.eu/, 2023. Online; accessed 26 May 2023.
ing Up Hacking Site Names, Despite Being Pro- [55] https://searchengineland.com/chatgpt-for-link-building-a-primer-393697.
grammed Not To. https://www.ruetir.com/2023/04/ Accessed: 03-2023.
chatgpt-tricked-with-reverse-psychology-into-giving-up-hacking-site\ Sameh Elhakim.
[56] Playbook of the Week: Using ChatGPT
-names-despite-being-programmed-not-to-ruetir-com/. in Cortex XSOAR. https://www.paloaltonetworks.com/blog/
(Accessed on 06/20/2023). security-operations/using-chatgpt-in-cortex-xsoar/, 2023. Ac-
cessed: 2023-05-26.
[33] ChatGPT has an ’escape’ plan and wants to be-
[57] Gurpreet Saini. Ethical Implications Of ChatGPT: The
come human. https://www.tomsguide.com/news/
Good, The Bad, The Ugly. https://unstop.com/blog/
chatgpt-has-an-escape-plan-and-wants-to-become-human.
ethical-implications-of-chatgpt, 2023. Accessed: 2023-06-14.
(Accessed on 06/20/2023).
[58] Security Intelligence. ChatGPT Confirms Data Breach, Rais-
[34] Michal Kosinski on Twitter. https://twitter.com/michalkosinski/ ing Security Concerns. https://securityintelligence.com/articles/
status/1636683816923463681?lang=en. (Accessed on 06/20/2023). chatgpt-confirms-data-breach/, 2023. Online; accessed 26 May
[35] Prompt Injection: An AI-Targeted Attack. https://hackaday.com/ 2023.
2023/05/19/prompt-injection-an-ai-targeted-attack/. (Accessed [59] Wired. ChatGPT Has a Big Privacy Problem. https://www.
on 06/19/2023). wired.com/story/italy-ban-chatgpt-privacy-gdpr/, 2023. Online;
[36] Prompt Injection Attacks: A New Frontier in Cybersecurity. https: accessed 26 May 2023.
//www.cobalt.io/blog/prompt-injection-attacks. (Accessed on [60] Techradar. Samsung workers made a major error by
06/19/2023). using ChatGPT. https://www.techradar.com/news/
[37] Understanding the Risks of Prompt Injection Attacks on ChatGPT samsung-workers-leaked-company-secrets-by-using-chatgpt,
and Other Language Models. https://www.netskope.com/blog/ 2023. Online; accessed 26 May 2023.
understanding-the-risks-of-prompt-injection-attacks-on-chatgpt-and-other- \
[61] OpenAI. GPT-4 Technical Paper. https://cdn.openai.com/
language-models. (Accessed on 06/19/2023). papers/gpt-4.pdf, 2023. Online; accessed 26 May 2023.
[38] AI-powered Bing Chat spills its secrets via prompt injection attack. [62] Darkreading. ChatGPT Hallucinations Open
https://arstechnica.com/information-technology/2023/02/ Developers to Supply Chain Malware Attacks.
ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/. https://www.darkreading.com/application-security/
(Accessed on 06/20/2023). chatgpt-hallucinations-developers-supply-chain-malware-attacks,
[39] Prompt Injection Attack on GPT-4. https: 2023. Online; accessed 26 May 2023.
//www.robustintelligence.com/blog-posts/ [63] Daniel Adiwardana, Minh-Thang Luong, David R. So, Jamie Hall,
prompt-injection-attack-on-gpt-4. (Accessed on 06/20/2023). Noah Fiedel, Romal Thoppilan, Zi Yang, Apoorv Kulshreshtha,
[40] GreyDGL/PentestGPT: A GPT-empowered penetration testing Gaurav Nemade, Yifeng Lu, and Quoc V. Le. Towards a Human-
tool. https://github.com/GreyDGL/PentestGPT. (Accessed on like Open-Domain Chatbot, 2020.
06/09/2023). [64] deepchecks. OpenAI’s ChatGPT vs. Google’s Bard AI:
[41] Kaspersky. What is WannaCry ransomware? https://usa. A Comparative Analysis. https://deepchecks.com/
kaspersky.com/resource-center/threats/ransomware-wannacry, openais-chatgpt-vs-googles-bard-ai-a-comparative-analysis/,
2023. Online; accessed 26 May 2023. 2023. Online; accessed 26 June 2023.
[42] Avast Academy. What Is Ryuk Ransomware? https://www.avast. [65] OpenAI. ChatGPT-plugins. https://openai.com/blog/
com/c-ryuk-ransomware. Accessed: 2023-06-14. chatgpt-plugins, 2023. Accessed: 2023-06-26.
[43] NordVPN. What Is REvil Ransomware? https://nordvpn. [66] Google. Google Bard FAQ. https://bard.google.com/faq, 2023.
∼
com/blog/revil-ransomware/#: :text=%E2%80%9CREvil%E2% Accessed: 2023-06-26.
80%9D%20is%20the%20name%20of,malware%20to%20launch%
20dangerous%20attacks. Accessed: 2023-06-14.
[44] Mimicast. What is Locky ransomware? https:
//www.mimecast.com/content/locky-ransomware/#:∼:
text=Locky%20ransomware%20is%20one%20of,until%20a%
20ransom%20is%20paid, 2023. Online; accessed 26 May 2023.
[45] Meltdown and Spectre. Meltdown and Spectre. https://
meltdownattack.com/, 2023. Online; accessed 26 May 2023.
[46] ZombieLoad Attack. ZombieLoad Attack. https:
//zombieloadattack.com/, 2023. Online; accessed 26 May
2023.
[47] Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodor-
escu. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer
Attacks and Privilege Escalation. In USENIX Security Symposium,
pages 19–35, 2016.
[48] Eran Shimony and Omer Tsarfati. Chatting Our
Way Into Creating a Polymorphic Malware. https:
//www.cyberark.com/resources/threat-research-blog/
chatting-our-way-into-creating-a-polymorphic-malware, 2023.
Accessed: 2023-05-26.
[49] https://www.techtarget.com/searchsecurity/tip/
ChatGPT-cybersecurity-benefits-for-the-enterprise#:∼:
text=ChatGPT%20could%20support%20overworked%20security,
GUPTA ET AL: FROM CHATGPT TO THREATGPT: IMPACT OF GENERATIVE AI IN CYBERSECURITY AND PRIVACY 27

Maanak Gupta (Senior Member, IEEE) is an
Assistant Professor in Computer Science at Ten-
nessee Tech University, Cookeville, USA. He re-
ceived M.S. and Ph.D. in Computer Science from
the University of Texas at San Antonio (UTSA)
and has also worked as a postdoctoral fellow at
the Institute for Cyber Security (ICS) at UTSA.
His primary area of research includes security
and privacy in cyber space focused in studying
foundational aspects of access control, malware
analysis, AI and machine learning assisted cyber
security, and their applications in technologies including cyber physi-
cal systems, cloud computing, IoT and Big Data. He has worked in
developing novel security mechanisms, models and architectures for
next generation smart cars, intelligent transportation systems and smart
farming. He was awarded the 2019 computer science outstanding doc-
toral dissertation research award from UT San Antonio. His research
has been funded by the US National Science Foundation (NSF), NASA,
and US Department of Defense (DoD) among others. He holds a B.Tech
degree in Computer Science and Engineering, from India and an M.S.
in Information Systems from Northeastern University, Boston, USA.
Lopamudra Praharaj is a Ph.D. student spe-
cializing in Cyber Security Research at Ten-
nessee Technological University. She received
the Master of Technology degree in Advanced
Computer Science from Utkal University, India,
and a master’s in computer applications degree
from Biju Patnaik Technical University, India. Her
research focuses on applying machine learning
techniques in Smart Farming to enhance cyber
resilience. With a strong background in computer
science, her expertise is in machine learning to
investigate potential vulnerabilities and design robust security solutions
for Smart Farming systems. Her work aims to protect critical agricultural
infrastructure from cyber-attacks/threats, ensuring data integrity, privacy,
and availability in an increasingly interconnected and digitized farming
landscape.

Charankumar Akiri completed his B.Tech. in

Computer Science and Engineering from Jawa-
harlal Nehru Technological University in Kaki-
nada, India. He then went on to earn an M.S. in
Computer Science from the Georgia Institute of
Technology in Atlanta. Currently, he is working
towards his Ph.D. at Tennessee Technological
University in Cookeville, TN, USA. With a career
spanning 12 years in the software industry, Akiri
is now employed at Reddit. His areas of research
focus on cybersecurity within AI, cloud security,
and application security.

Kshitiz Aryal received a B.E. degree in Elec-

tronics and Communication Engineering from
the Institute of Engineering, Tribhuvan Univer-
sity, Nepal. He is currently pursuing an M.S. and
Ph.D. degree with the Department of Computer
Science at Tennessee Technological University,
Cookeville, TN, USA. His primary research area
is exploring the intersection of machine learning
and cybersecurity in malware analysis. Some
of his major interest areas are applied machine
learning, adversarial attacks, reverse engineer-
ing, and data analytics.

Eli Parker is a senior-level undergraduate stu-

dent at Tennessee Technological University,
studying Computer Science with a concentration
of Data Science and Artificial Intelligence. Eli is
interested in Data Analytics and Machine Learn-
ing models.