
OpenAI’s artificial intelligence model GPT-4 has the capability to hack websites and steal information from online databases without human help, researchers have found. That suggests individuals or organisations without hacking expertise could unleash AI agents to carry out cyber attacks.
“You literally don’t need to understand anything – you can just let the agent go hack the website by itself,” says at the University of Illinois Urbana-Champaign. “We think this really reduces the expertise needed to use these large language models in malicious ways.”
Kang and his colleagues wanted to see how well GPT-4 and other large language models that typically power chatbot services can perform as autonomous hackers. So they decided to test 10 different AI models that included OpenAI’s GPT-4 and GPT-3.5, as well as open-source models such as several versions of Meta’s LLaMA models.
Advertisement
Such large language models are typically designed to answer text prompts submitted by human users. But the researchers used readily available modified versions – intended for developers building AI-powered apps – that can interface with web browsers, read documents about the general principles of web hacking and plan future moves during hacking attempts.
The AI agents then attempted 15 website hacking challenges – ranging from easy to hard – without knowing the specific vulnerabilities ahead of time. An example of an easy task involved gaining unauthorised access to an online database using malicious SQL code – a programming language for storing and processing information in certain databases. Hard tasks included manipulating JavaScript source code to steal information from web page users.
Most of the models completely failed at all the tasks. But GPT-4 succeeded on 11 out of 15 tasks – a 73 per cent success rate – and even found a vulnerability in a real website that wasn’t part of the hacking challenge.
The estimated cost of using such an AI agent could be just under $10 per hacking attempt, compared with about $80 per attempt when using a high-paid cybersecurity analyst, says Kang.
In a separate development, OpenAI and Microsoft published a report on 14 February describing how they had who were using OpenAI’s large language models to find more information about potential targets and improve the coding for their malware. But that report does not address the possibility of the AI models empowering autonomous hacking agents.
Kang and his colleagues disclosed their findings to OpenAI. The company did not respond to èƵ’s request for comment.
“The [independent study] findings are particularly striking alongside assessments recently released by OpenAI and Microsoft in which they state that their models ‘offer only limited, incremental capabilities for malicious cybersecurity tasks’,” says at the University of California, Berkeley. “The discrepancy between these conclusions highlights the need for independent assessment of real-world harms.”
arXiv