ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement

Minhaz Chowdhury; Nafiz Rifat; Shadman Latif; Mostofa Ahsan; Md Saifur Rahman; Rahul Gomes

doi:10.1109/eit57321.2023.10187385

ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement

Minhaz Chowdhury, Nafiz Rifat, Shadman Latif, Mostofa Ahsan, Md Saifur Rahman, Rahul Gomes

Math, Science, and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The field of Natural Language Processing has observed significant advancements in the development of sophisticated conversational Artificial Intelligence systems. ChatGPT is one such state-of-the-art conversational system that has attracted considerable interest and adoption. It enables developers to create highly interactive and engaging conversational applications using deep neural networks to produce human-like responses to user inputs. Such capabilities have made it popular in the threat actors' world. However, threat actors can abuse this chatbot to generate attack vectors as part of an operation. ChatGPT can be abused to produce practical and realistic communications that can be used in phishing attacks. These communications help the attack vectors distribution, i.e., prompt users to download and set up malware or disclose confidential information. ChatGPT has security measures to prevent malicious queries from generating attack vectors. However, the threat actors can circumvent such security controls through deception. This abusive use of ChatGPT makes the supply chain management of attack vectors effective and efficient. In this study, we presented evidence from various sources, showing how ChatGPT is abused to help the threat actors to improve each step of the attack vectors' supply chain management.

Original language	English (US)
Title of host publication	2023 IEEE International Conference on Electro Information Technology, eIT 2023
Publisher	IEEE Computer Society
Pages	499-504
Number of pages	6
ISBN (Electronic)	9781665493765
DOIs	https://doi.org/10.1109/eit57321.2023.10187385
State	Published - 2023
Event	2023 IEEE International Conference on Electro Information Technology, eIT 2023 - Romeoville, United States Duration: May 18 2023 → May 20 2023

Publication series

Name	IEEE International Conference on Electro Information Technology
Volume	2023-May
ISSN (Print)	2154-0357
ISSN (Electronic)	2154-0373

Conference

Conference	2023 IEEE International Conference on Electro Information Technology, eIT 2023
Country/Territory	United States
City	Romeoville
Period	5/18/23 → 5/20/23

Bibliographical note

Publisher Copyright:
© 2023 IEEE.

Keywords

Artificial Intelligence
ChatGPT
Chatbot
Machine Learning
Malware
Malware as a Service
Natural Language Processing
OpenAI
Phishing Attack
Social Engineering Attack
Supply Chain Management

Publisher link

10.1109/eit57321.2023.10187385

Find It

Find It at U of M Libraries

Cite this

Chowdhury, M., Rifat, N., Latif, S., Ahsan, M., Rahman, M. S., & Gomes, R. (2023). ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement. In 2023 IEEE International Conference on Electro Information Technology, eIT 2023 (pp. 499-504). (IEEE International Conference on Electro Information Technology; Vol. 2023-May). IEEE Computer Society. https://doi.org/10.1109/eit57321.2023.10187385

ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement. / Chowdhury, Minhaz; Rifat, Nafiz; Latif, Shadman et al.
2023 IEEE International Conference on Electro Information Technology, eIT 2023. IEEE Computer Society, 2023. p. 499-504 (IEEE International Conference on Electro Information Technology; Vol. 2023-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chowdhury, M, Rifat, N, Latif, S, Ahsan, M, Rahman, MS & Gomes, R 2023, ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement. in 2023 IEEE International Conference on Electro Information Technology, eIT 2023. IEEE International Conference on Electro Information Technology, vol. 2023-May, IEEE Computer Society, pp. 499-504, 2023 IEEE International Conference on Electro Information Technology, eIT 2023, Romeoville, United States, 5/18/23. https://doi.org/10.1109/eit57321.2023.10187385

@inproceedings{af9c9162f07f402d8f611076184014d6,

title = "ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement",

abstract = "The field of Natural Language Processing has observed significant advancements in the development of sophisticated conversational Artificial Intelligence systems. ChatGPT is one such state-of-the-art conversational system that has attracted considerable interest and adoption. It enables developers to create highly interactive and engaging conversational applications using deep neural networks to produce human-like responses to user inputs. Such capabilities have made it popular in the threat actors' world. However, threat actors can abuse this chatbot to generate attack vectors as part of an operation. ChatGPT can be abused to produce practical and realistic communications that can be used in phishing attacks. These communications help the attack vectors distribution, i.e., prompt users to download and set up malware or disclose confidential information. ChatGPT has security measures to prevent malicious queries from generating attack vectors. However, the threat actors can circumvent such security controls through deception. This abusive use of ChatGPT makes the supply chain management of attack vectors effective and efficient. In this study, we presented evidence from various sources, showing how ChatGPT is abused to help the threat actors to improve each step of the attack vectors' supply chain management.",

keywords = "Artificial Intelligence, ChatGPT, Chatbot, Machine Learning, Malware, Malware as a Service, Natural Language Processing, OpenAI, Phishing Attack, Social Engineering Attack, Supply Chain Management",

author = "Minhaz Chowdhury and Nafiz Rifat and Shadman Latif and Mostofa Ahsan and Rahman, {Md Saifur} and Rahul Gomes",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 IEEE International Conference on Electro Information Technology, eIT 2023 ; Conference date: 18-05-2023 Through 20-05-2023",

year = "2023",

doi = "10.1109/eit57321.2023.10187385",

language = "English (US)",

series = "IEEE International Conference on Electro Information Technology",

publisher = "IEEE Computer Society",

pages = "499--504",

booktitle = "2023 IEEE International Conference on Electro Information Technology, eIT 2023",

}

TY - GEN

T1 - ChatGPT

T2 - 2023 IEEE International Conference on Electro Information Technology, eIT 2023

AU - Chowdhury, Minhaz

AU - Rifat, Nafiz

AU - Latif, Shadman

AU - Ahsan, Mostofa

AU - Rahman, Md Saifur

AU - Gomes, Rahul

PY - 2023

Y1 - 2023

N2 - The field of Natural Language Processing has observed significant advancements in the development of sophisticated conversational Artificial Intelligence systems. ChatGPT is one such state-of-the-art conversational system that has attracted considerable interest and adoption. It enables developers to create highly interactive and engaging conversational applications using deep neural networks to produce human-like responses to user inputs. Such capabilities have made it popular in the threat actors' world. However, threat actors can abuse this chatbot to generate attack vectors as part of an operation. ChatGPT can be abused to produce practical and realistic communications that can be used in phishing attacks. These communications help the attack vectors distribution, i.e., prompt users to download and set up malware or disclose confidential information. ChatGPT has security measures to prevent malicious queries from generating attack vectors. However, the threat actors can circumvent such security controls through deception. This abusive use of ChatGPT makes the supply chain management of attack vectors effective and efficient. In this study, we presented evidence from various sources, showing how ChatGPT is abused to help the threat actors to improve each step of the attack vectors' supply chain management.

AB - The field of Natural Language Processing has observed significant advancements in the development of sophisticated conversational Artificial Intelligence systems. ChatGPT is one such state-of-the-art conversational system that has attracted considerable interest and adoption. It enables developers to create highly interactive and engaging conversational applications using deep neural networks to produce human-like responses to user inputs. Such capabilities have made it popular in the threat actors' world. However, threat actors can abuse this chatbot to generate attack vectors as part of an operation. ChatGPT can be abused to produce practical and realistic communications that can be used in phishing attacks. These communications help the attack vectors distribution, i.e., prompt users to download and set up malware or disclose confidential information. ChatGPT has security measures to prevent malicious queries from generating attack vectors. However, the threat actors can circumvent such security controls through deception. This abusive use of ChatGPT makes the supply chain management of attack vectors effective and efficient. In this study, we presented evidence from various sources, showing how ChatGPT is abused to help the threat actors to improve each step of the attack vectors' supply chain management.

KW - Artificial Intelligence

KW - ChatGPT

KW - Chatbot

KW - Machine Learning

KW - Malware

KW - Malware as a Service

KW - Natural Language Processing

KW - OpenAI

KW - Phishing Attack

KW - Social Engineering Attack

KW - Supply Chain Management

UR - http://www.scopus.com/inward/record.url?scp=85166740075&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85166740075&partnerID=8YFLogxK

U2 - 10.1109/eit57321.2023.10187385

DO - 10.1109/eit57321.2023.10187385

M3 - Conference contribution

AN - SCOPUS:85166740075

T3 - IEEE International Conference on Electro Information Technology

SP - 499

EP - 504

BT - 2023 IEEE International Conference on Electro Information Technology, eIT 2023

PB - IEEE Computer Society

Y2 - 18 May 2023 through 20 May 2023

ER -

ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement

Abstract

Publication series

Conference

Bibliographical note

Keywords

Publisher link

Find It

Other files and links

Fingerprint

Cite this