During their experiments, the researchers tested GPT-4 alongside ten other models, including versions of GPT-3.5 and various open-source LLMs such as Llama and Mistral, against 15 real-world "one-day" vulnerabilities in open-source software, that is, flaws already documented with public CVE descriptions but not necessarily patched. The vulnerabilities spanned medium, high, and critical severity levels.
Remarkably, GPT-4 was able to write functional exploits for 87% of these vulnerabilities, or 13 out of 15 cases. This starkly contrasts with specialized security tools such as ZAP and Metasploit, which achieved a 0% success rate in the same tests. Such performance could streamline the activities of cybercriminals, offering them a powerful way to exploit vulnerabilities at minimal cost: approximately $8.80 per exploit, significantly cheaper than the roughly $25 the researchers estimate a human expert would charge for the same task.
The researchers have reported their findings to OpenAI and have decided not to release the agents publicly. They also noted that GPT-4's success rate drops dramatically, to just 7%, when the agent is denied access to the CVE description, underscoring how heavily the capability depends on detailed, publicly available vulnerability information.
This development is a double-edged sword: while GPT-4 and similar AI models could strengthen cybersecurity defense strategies by helping anticipate and mitigate attacks, they also hand malicious actors a formidable tool for conducting cyberattacks more efficiently and anonymously.
Source: Punto Informatico
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.