In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. There is also an increasing number of 'services' whose purpose is unclear.
These provide no demo and only mention their supposed capabilities: high on claims but low on proof.
Trend is not sure about the relevance or value of these offerings, and places them in a separate category labeled potential 'scams'.
Other examples include XXX.GPT, WolfGPT, EvilGPT, DarkBARD, DarkBERT, and DarkGPT. In short, when not scamming other criminals, criminals are concentrating on the use of mainstream AI products rather than developing their own AI systems.
This is also seen in the use of AI within other services.
The Predator hacking tool includes a GPT feature that uses ChatGPT to help scammers create text.
It is also evident in an increasing number of deepfake services.
Image or video deepfakes can be supported by voice deepfakes.
The result is good enough to fool people with little direct knowledge of the faked person, so the services tend to concentrate on the know-your-customer (KYC) element of false account creation.
Despite the current lack of large-scale criminal exploitation of gen-AI, Trend's researchers highlight indications that this may change.
Criminals' main priorities are learning how to use AI without upending the preference for evolution over revolution, obtaining maximum return on effort, and remaining hidden from law enforcement.
Jailbreaking services allow criminals to use existing LLMs - currently almost entirely ChatGPT - with minimal likelihood of being tracked and traced.
Microsoft and OpenAI have already demonstrated the ability to profile APT use of ChatGPT based on the content of the questions and the location of the source IPs.
For now, new jailbreaking techniques can be developed faster than LLM guardrails can be developed to prevent them.
Given the rapid development of AI technology, this may not last.
When jailbreaking the main LLMs becomes too difficult, we may see a new evolution in criminal use.
What we currently see is not a rejection of AI by cybercriminals, nor even a lack of understanding, but rather a careful and methodical inclusion of its capabilities.
Trend's researchers suspect that improved deepfakes may be among the earliest applications.
Trend Micro still refrains from joining the doom and gloom AI scenario.
In the overall AI cat and mouse game between criminals and defenders, defenders currently have the edge.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 09 May 2024 15:43:06 +0000