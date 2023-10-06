A self-professed novice has reportedly created a powerful data-mining malware using just ChatGPT prompts, all within a span of a few hours.

Aaron Mulgrew, a Forcepoint security researcher, recently shared how he created zero-day malware exclusively on OpenAI’s generative chatbot. While OpenAI has protections against anyone attempting to ask ChatGPT to write malicious code, Mulgrew found a loophole by prompting the chatbot to create separate lines of the malicious code, function by function.

After compiling the individual functions, Mulgrew had created a nigh undetectable data-stealing executable on his hands. And this was not your garden variety malware either — the malware was as sophisticated as any nation-state attacks, able to evade all detection-based vendors.

Just as crucially, how Mulgrew’s malware defers from “regular” nation-state iterations in that it doesn’t require teams of hackers (and a fraction of the time and resources) to build. Mulgrew, who didn’t do any of the coding himself, had the executable ready in just hours as opposed to the weeks usually needed.

The Mulgrew malware (it has a nice ring to it, doesn’t it?) disguises itself as a screensaver app (SCR extension), which then auto-launches on Windows. The software will then sieve through files (such as images, Word docs, and PDFs) for data to steal. The impressive part is the malware (through steganography) will break down the stolen data into smaller pieces and hide them within images on the computer. These images are then uploaded to a Google Drive folder, a procedure that avoids detection.

Equally impressive is that Mulgrew was able to refine and strengthen his code against detection using simple prompts on ChatGPT, really raising the question of how safe ChatGPT is to use. Running early VirusTotal tests had the malware detected by five out of 69 detection products. A later version of his code was subsequently detected by none of the products.

Note that the malware Mulgrew created was a test and is not publicly available. Nonetheless, his research has shown how easily users with little to no advanced coding experience can bypass ChatGPT’s weak protections to easily create dangerous malware without even entering a single line of code.

But here’s the scary part of all this: These kinds of code usually take a larger team weeks to compile. We wouldn’t be surprised if nefarious hackers are already developing similar malware through ChatGPT as we speak.

GPT-4 — the large language model (LLM) that powers ChatGPT Plus — may soon take on a new role as an online moderator, policing forums and social networks for nefarious content that shouldn’t see the light of day. That’s according to a new blog post from ChatGPT developer OpenAI, which says this could offer “a more positive vision of the future of digital platforms.”

By enlisting artificial intelligence (AI) instead of human moderators, OpenAI says GPT-4 can enact “much faster iteration on policy changes, reducing the cycle from months to hours.” As well as that, “GPT-4 is also able to interpret rules and nuances in long content policy documentation and adapt instantly to policy updates, resulting in more consistent labeling,” OpenAI claims.

OpenAI’s GPT-4 language model is considered by most to be the most advanced language model used to power modern artificial intelligences (AI). It’s used in the ChatGPT chatbot to great effect, and other AIs in similar ways. But that’s not the end of its development. As with GPT-3.5, a GPT-4.5 language model may well launch before we see a true next-generation GPT-5.

Here’s everything we know about GPT-4.5 so far.

Newegg, the online retailer primarily known for selling PC components, has pushed AI into nearly every part of its platform. The latest area to get the AI treatment? Customer reviews.

On select products, Newegg is now showing an AI summary of customer reviews. It sifts through the pile, including the review itself and any listed pros and cons, and uses that to generate its own list of pros and cons, along with its own summary. Currently, Newegg is testing the feature on three products: the Gigabyte RTX 4080 Gaming OC, MSI Katana laptop, and Ipason gaming desktop.

