A group of researchers recently discovered that GPT-4, OpenAI's most advanced language model, can identify and exploit security vulnerabilities without human assistance. In a study conducted by researchers from the University of Illinois Urbana-Champaign, it was shown that large language models (LLMs) can carry out malicious actions when manipulated for that purpose.
The study, shared on the arXiv repository by Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang, acknowledged previous research demonstrating the capability of these models to autonomously hack websites. However, the authors noted that previous studies were limited to simple vulnerabilities. To test whether GPT-4 could go further, the researchers compiled a dataset of 15 real-world, critical-severity vulnerabilities drawn from the Common Vulnerabilities and Exposures (CVE) list.
According to the research, GPT-4 was able to exploit 87 percent of the vulnerabilities, while GPT-3.5 was unable to exploit any. The researchers attribute this success to the model having access to the full CVE descriptions of the vulnerabilities: when those descriptions were withheld, GPT-4's success rate dropped to just 7 percent. They suggest that security organizations may consider refraining from publishing detailed vulnerability reports as one possible mitigation strategy.
To limit the window in which cybercriminals could use GPT-4 to exploit these 'one-day' vulnerabilities (flaws that have been publicly disclosed but not yet patched everywhere), the researchers recommend proactive security measures such as regularly updating software packages as soon as fixes are released. They stress the importance of staying ahead of potential threats posed by advancements in language models.
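For defenders, keeping up with published CVEs can itself be automated. The sketch below, which is illustrative rather than taken from the study, queries the public OSV (Open Source Vulnerabilities) API at https://api.osv.dev to check whether a given package version has known advisories; the package name and version used are placeholders for demonstration.

```python
# Minimal sketch: audit one dependency against the public OSV database.
# The package/version below are illustrative examples, not from the study.
import json
import urllib.request


def check_package(name: str, version: str, ecosystem: str = "PyPI") -> list:
    """Return the list of known vulnerabilities affecting one package version."""
    payload = json.dumps({
        "package": {"name": name, "ecosystem": ecosystem},
        "version": version,
    }).encode()
    req = urllib.request.Request(
        "https://api.osv.dev/v1/query",
        data=payload,
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        result = json.load(resp)
    # OSV returns {"vulns": [...]} when advisories exist, {} otherwise.
    return result.get("vulns", [])


if __name__ == "__main__":
    # Example: an old release of `requests` with a published advisory.
    for vuln in check_package("requests", "2.19.1"):
        print(vuln["id"], "-", vuln.get("summary", "no summary available"))
```

Running a check like this in a scheduled job or CI pipeline is one concrete way to apply the researchers' advice, since it flags vulnerable dependencies as soon as advisories are published rather than waiting for a manual review.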
In conclusion, GPT-4 has proven capable of identifying and exploiting real-world security vulnerabilities without human assistance. This raises serious concerns about malicious actors using such models for nefarious purposes, and security organizations must take proactive measures to defend against these threats as language models continue to advance.