Risk of Cybersecurity in Generative AI Technology: New Report

A new report from Vulcan Cyber Ltd is warning about the cybersecurity risks of generative AI technology, such as OpenAI LP’s ChatGPT. While AI offers great promise, it is not without potential security risks. In particular, hackers can use ChatGPT to easily spread malicious packages into developers’ environments. The report highlights the potential vulnerability of AI systems generating seemingly plausible but ultimately non-existent coding libraries, known as ‘AI package hallucination’. This creates the possibility of malicious actors creating and publishing harmful packages with the same name, leaving secure environments vulnerable to cyber threats. Developers who now look to AI like ChatGPT for coding solutions rather than traditional platforms, like Stack Overflow, might unknowingly install these malicious packages, exposing the broader enterprise. The report does not suggest AI should be abandoned but calls for increased vigilance and proactivity from developers who use AI in their everyday work. Developers should take steps to verify the legitimacy of a package before installation, considering factors such as the package’s creation date, number of downloads, comments and any attached notes. In this way, it is hoped that the cybersecurity threat rapidly emerging through the widespread use of generative AI technologies can be mitigated.