ChatGPT Falls Short in Cybersecurity, According to ImmuneFi Report
OpenAI’s ChatGPT has gained popularity among coders, but a recent report by cybersecurity firm ImmuneFi suggests that it may not be reliable enough to detect critical vulnerabilities. ImmuneFi conducted a survey and found that approximately 76% of white hat researchers, who identify and fix system weaknesses, regularly use ChatGPT, while only about 23% do not.
However, the report reveals that many researchers have reservations about ChatGPT’s effectiveness. The most significant concern highlighted by ImmuneFi is the limited accuracy of ChatGPT in identifying security vulnerabilities, as noted by 64% of respondents. Additionally, approximately 61% of participants felt that ChatGPT lacked the specialized knowledge to identify weaknesses that hackers could exploit.
Jonah Micheals, communications lead at ImmuneFi, acknowledges that white hat researchers see potential in ChatGPT, especially for educational purposes. However, ImmuneFi’s stance differs, as they believe it has limited use and often produces inadequate bug reports. Micheals emphasizes that these reports may appear well-written but contain flaws based on functions that do not exist.
Due to these issues, ImmuneFi has prohibited the submission of bug reports based on ChatGPT since its public release. The company shared a screenshot of a prompt asking ChatGPT why it shouldn’t be used for bug reporting, to which the chatbot responded that its outputs may be inaccurate or irrelevant.
ChatGPT has faced criticism for its inconsistent accuracy in various contexts, including generating false sexual assault allegations and referencing nonexistent legal precedents. OpenAI has warned against blindly trusting GPT models due to their tendency to provide misleading and inaccurate information. However, OpenAI did not respond to Decrypt’s request for comment on this matter.
The white hat community, as revealed in the ImmuneFi report, believes that ChatGPT models need more training to effectively diagnose cyber threats and conduct audits. Currently, ChatGPT lacks the necessary specialized knowledge. Micheals suggests relying on manually crafted code for safety purposes, while stating that there may come a day when ChatGPT or similar AI tools, specifically trained on project repositories and the blockchain domain, can perform these tasks reliably.
Micheals concludes that, for now, he cannot recommend relying on ChatGPT due to the high stakes and the nascent nature of the field. While there is potential for improvement, the current limitations should be taken into consideration.
In summary, while ChatGPT has gained popularity among some cybersecurity researchers, the ImmuneFi report highlights concerns about its limited accuracy and lack of specialized knowledge. ImmuneFi has taken a cautious approach and banned the usage of ChatGPT for bug reporting due to the often flawed and unreliable bug reports generated. As the field progresses, there may be opportunities for improvement, but for now, manually crafted code remains the more reliable option in cybersecurity.