AI presents people and companies with benefits and risks

SMART Access & Identity 2023 Editor's Choice, AI & Data Analytics

Artificial intelligence (AI) and all its derivatives have become a staple in the news over the past few years. Just like video analytics in its early stages, AI promoters oversold the benefits and the technology generally failed to deliver on its promises.

Times have changed though, and AI capabilities have advanced significantly, with even more dramatic advances in the pipeline. In the access control and identity management markets, AI has only recently been seen as a boon to access control with its ability to manage secure access in both the physical and digital worlds. This trend will only continue to grow, although slowly as physical access control installations tend to have a longer lifespan than other technologies. The most development we will see is in integrating access and building management technologies.

In the digital access and identity management world, AI has moved much faster in areas such as facial recognition, even via a mobile. These advances will only continue, including identification at a distance via surveillance cameras as well as behavioural recognition and identification – technologies that have already been developed and deployed. Big Brother will be watching closer than ever in future.

So, while AI will have many positive benefits that will enhance not only the access and identification markets, operational efficiency and situational awareness beyond human capabilities, we will also see the technologies used to create and deploy some of the most dangerous cyber threats.

Following are two opinions on the latest AI newsmaker, the ChatGPT chatbot. Many people have been victimised by companies claiming their chatbots provide support to customers, much to the frustration of said customers when they discover the AI is only used to keep people from talking to a real person and getting their problems or questions resolved. By all accounts, this chatbot is the real thing, using deep learning techniques to generate text and conversations often indistinguishable from those created by actual humans. It has taken the news world by storm and is gaining a lot of attention, while also feeding its own learning algorithms with all the people ‘playing’ with it.

In the world of access control, the abilities of ChatGPT present a real threat to individuals and companies already struggling to defend access and identity against phishing attacks.


Cybersecurity dangers behind impressive new technology

By Anna Collard, SVP content strategy & evangelist at KnowBe4 Africa.


Anna Collard.

It is now possible to use a publicly available artificial chatbot to generate a complete infection chain, possibly beginning with a spear phishing email written in entirely convincing human-like language and eventually causing a complete takeover of a company’s computer systems.

Researchers at Checkpoint recently created such a plausible phishing email as a test. They only used ChatGPT, a chatbot that uses deep learning techniques to generate text and conversations that can convince anyone that a real person wrote it.

In reality, there are many potential cybersecurity dangers wrapped up in this impressive technology, developed by OpenAI and currently available online free.

Here are just a few of them:

1. Social engineering: ChatGPT’s powerful language model can be used to generate realistic and convincing phishing messages, making it easier for attackers to trick victims into providing sensitive information or downloading malware.

2. Scamming: The generation of text through ChatGPT’s language models allows attackers to create fake ads, listings and many other forms of scamming material.

3. Impersonation: ChatGPT can be used to create a convincing digital copy of an individual’s writing style, allowing attackers to impersonate their target in a text-based setting, such as in an email or text message.

4. Automation of attacks: ChatGPT can also be used to automate the creation of malicious messages and phishing emails making it possible for attackers to launch large-scale attacks more efficiently.

5. Spamming: The language model can be fine-tuned to produce large amounts of low-quality content, which can be used in a variety of contexts, including as spam comments on social media or in spam email campaigns.

All five points above are legitimate threats to companies and all Internet users that will only become more prevalent as OpenAI continues to train its model.

If the list above managed to convince you, the technology succeeded in its purpose, although in this instance not with malicious intent. ChatGPT wrote all the text from points one to five with minimal tweaks for clarity. The tool is so powerful it can convincingly identify and word its own inherent dangers to cybersecurity.

However, there are mitigating steps individuals and companies can take, including new-school security awareness training. Cybercrime is moving at light speed. A few years ago, cybercriminals used to specialise in identity theft, but now they take over your organisation’s network, hack into your bank accounts, and steal tens or hundreds of thousands of rand.

An intelligent platform like ChatGPT created with the best intentions, only adds to the burden on Internet users to always stay vigilant, trust their instincts and always know the risks involved in clicking on any link or opening an attachment.


A marvel for some, a cybersecurity threat for most

By Stephen Osler, co-founder and business development director at Nclose.


Stephen Osler.

Companies are lining up to invest in ChatGPT, but what risks come with this ingenious tool for creating human-like text?

Microsoft is reportedly investing $10 billion in OpenAI, the owner of the somewhat controversial large language model chatbot ChatGPT. It uses a deep learning technique to generate text and conversations often indistinguishable from those created by actual humans.

ChatGPT has dazzled amateurs and industry experts ever since its launch at the end of November last year. Given a prompt, ChatGPT can answer complex questions, provide suggestions and even debug programming code all while sounding extremely human.

It is very hard to believe a machine-learning algorithm created the text. Prompted with the question of how it works, ChatGPT explained it uses “a large dataset of text” so that it has “knowledge about a wide range of topics and can respond to a wide variety of questions and prompts”.

On the surface, this might sound like an amazing invention that can be used to explain complex concepts in simple terms. Brainstorm creative ideas, or even automate certain actions like customer support, write memos or keep minutes of meetings. However, it also poses a serious threat to cybersecurity.

Because ChatGPT can be used to write code, malicious actors have already started using it to build malware, sites on the dark web and other tools for enacting cyberattacks. Someone with no prior knowledge of coding can theoretically use ChatGPT to produce dangerous malware. OpenAI, the developer of ChatGPT, gave assurances that it has put restrictions in place to restrict the use of the bot to create malware, but on various online forums, users are boasting about still being able to find workarounds.

The average Internet user can do little to stop these actors from creating malicious software using ChatGPT. It just means that everyone should be extra vigilant of possible malware attacks.

The risk is especially prevalent in phishing emails, a method often used by criminals to serve malware embedded within links or attachments. Usually, poor spelling and incoherent grammar are the most telling traits of a scam email. “Everyone knows to be on the lookout for dodgy wording in an email and then to never click on links or open attachments in such emails, but ChatGPT brings with it a new threat: perfectly written, human-sounding emails that can be very, very convincing.”

This means a bad actor can ask ChatGPT to write a perfectly harmless-looking email that can either contain a link that downloads a malicious file or convinces the reader to supply compromising information like login details.

Cybercriminals have gotten very good at convincing the untrained eye that they are trustworthy. With the advent of ChatGPT it will become even harder to spot the fakes from the real deal. Internet users should always double, no triple check, if the recipient of an email is indeed the correct one. Always make sure you are receiving from and sending an email to the correct recipients.

Legitimate email address is something that an AI language bot like ChatGPT cannot fake. At least not yet.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The global generative AI market surpassed $130 billion in 2024
News & Events AI & Data Analytics
According to a new research report from the IoT analyst firm, Berg Insight, the Generative AI (GenAI) market grew substantially in 2024, experiencing triple-digit growth rates in all three major segments: GenAI hardware, foundation models, and development platforms.

Read more...
Questing for the quantum AI advantage
Infrastructure AI & Data Analytics
The clock is ticking down to the realisation of quantum AI and the sought-after ‘quantum advantage’. In many boardrooms, however, quantum remains mysterious; full of promise, but not fully understood.

Read more...
Directory of suppliers
Technews Publishing SMART Security Solutions Fire & Safety
The Directory of Product and Solution Suppliers for the fire safety industry includes details of companies that provide security and risk mitigation products, advice, and services within this market.

Read more...
Fire safety in commercial kitchens
Technews Publishing Kestrel Distribution Products & Solutions Fire & Safety Commercial (Industry)
Fire safety in commercial kitchens is becoming increasingly critical. Defender is Europe’s first EN 17446:2021-approved kitchen hood fire suppression system and offers the indispensable safety measures required.

Read more...
South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
IoT-driven smart data to stay ahead
IoT & Automation Infrastructure AI & Data Analytics
In a world where uncertainty is constant, the real competitive edge lies in foresight. Businesses that turn real-time data into proactive strategies will not just survive, they will lead.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
From the editor's desk: Regulations, standards and skills, but poor enforcement
Technews Publishing SMART Security Solutions Fire & Safety
South Africa depends on the carrot approach to fire safety; in other words, businesses choosing to do the right thing, as the stick (or enforcement of regulations) is unfortunately lacking.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...
Wildfires: a growing global threat
Editor's Choice Fire & Safety
Regulatory challenges and litigation related to wildfire liabilities are on the rise, necessitating robust risk management strategies and well-documented wildfire management plans. Technological innovations are enhancing detection and suppression capabilities.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.