Recommended articles
Social share
Want to keep learning?
Sign up to receive security learning articles from Verified Visitors
The information you provide to Verified Visitors is governed by the terms of our Privacy Policy
Gen AI can be used to create Malicious Bots just as easily as useful ones
Sign up to receive security learning articles from Verified Visitors
The information you provide to Verified Visitors is governed by the terms of our Privacy Policy
When hanging out on the couch ordering Uber Eats is really just too, too much effort, consider using a Generative AI Bot to order instead. So much easier and more convenient.
Generative AI is launching a whole new wave of new products aimed at harnessing the power of AI to offer a whole range of bot driven services, from personalized shopping and concierge to travel planning, device control and yes, automated Uber Eats ordering.
Harnessing the power of conversational AI with a new range of agent or bot builders means that developers can now create these apps without knowing any Machine Learning, but also without writing a line of code. It has the potential to change so much.
Already we are seeing the CHAT GPT driven modules using agents to scrape web data, load pages that have contextual relevance, and can provide background information and help to the chat. These can be super-useful, and the generative AI is a game changer in providing better context sensitive data.
However, it’s not hard to see how these exact same tools can’t be used for malicious purposes. Tying the AI generators to bot agents lets hackers take fraud to the next level, from collecting credit card information to make up a full Fulz which is then sold onto the dark web,
Chat GTP has a range of prompts custom-built for writing custom SEO articles, with full indexes, quotations, definitions, artwork, and even one for publishing an entire book given just a set of keywords. These prompts can also push intelligent agents to perform serious data mining, data scrubbing, verification, and data cleansing, all with no programming. This is going to generate an entire new category of automated data enrichment services, but also can be used to target individual PII and other sensitive data, leading to other more sophisticated attacks and account takeovers.