ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement
Minhaz Chowdhury, Nafiz Rifat, Shadman Latif, Mostofa Ahsan, Md. Saifur Rahman, Rahul Gomes
Abstract
The field of Natural Language Processing has observed significant advancements in the development of sophisticated conversational Artificial Intelligence systems. ChatGPT is one such state-of-the-art conversational system that has attracted considerable interest and adoption. It enables developers to create highly interactive and engaging conversational applications using deep neural networks to produce human-like responses to user inputs. Such capabilities have made it popular in the threat actors' world. However, threat actors can abuse this chatbot to generate attack vectors as part of an operation. ChatGPT can be abused to produce practical and realistic communications that can be used in phishing attacks. These communications help the attack vectors distribution, i.e., prompt users to download and set up malware or disclose confidential information. ChatGPT has security measures to prevent malicious queries from generating attack vectors. However, the threat actors can circumvent such security controls through deception. This abusive use of ChatGPT makes the supply chain management of attack vectors effective and efficient. In this study, we presented evidence from various sources, showing how ChatGPT is abused to help the threat actors to improve each step of the attack vectors' supply chain management.