Recently, Kaspersky experts conducted research that studied ChatGPT phishing links detection capability. A language model powered by AI, ChatGPT is a controversial topic in the cybersecurity world, despite its creators’ warnings prior to any production application. This research aimed to reveal the extent of ChatGPT’s ability to detect malicious links, as well as the cybersecurity knowledge it has acquired during its training.
Kaspersky experts used a model called gpt-3.5-turbo, which is the base model used in ChatGPT. It was tested with more than 2000 phishing links, which were previously flagged by Kaspersky’s anti-phishing technology. Combined with thousands of safe URLs, ChatGPT was asked two questions: “Does this link lead to a phishing website?” and, “Is this link safe to visit?”.
The results were mixed. For the first question, ChatGPT had a detection rate of 87.2 percent and a false positive rate of 23.2 percent. The second question had a higher detection rate of 93.8 percent, but a higher false positive rate of 64.3 percent. The false positives were too high for any kind of production application.
One impressive feature of ChatGPT was its ability to extract a target from more than half of the URLs. It identified popular tech portals, marketplaces, and banks from around the globe, with no additional training. Nevertheless, ChatGPT had serious problems when providing proof for its decisions, as many explanations were either misleading or false.
An important conclusion drawn from this experiment is that ChatGPT is still in its early stages. It may be able to assist humans in detecting phishing attacks, but should not yet be seen as a revolutionary technology. Moreover, ChatGPT is prone to hallucinating and producing random output, making it inappropriate for production applications. Despite these drawbacks, experts from Kaspersky, like Vladislav Tushkanov (Lead Data Scientist) still agree that ChatGPT could prove to be a useful tool for the community.
