Emerging Threat: Adversaries Exploit Generative AI in Offensive Cyber Operations

Emerging Threat: Adversaries Exploit Generative AI in Offensive Cyber Operations

In a recent announcement, Microsoft has disclosed that U.S. adversaries, primarily Iran and North Korea, have been utilizing generative artificial intelligence (AI) technology to conduct offensive cyber operations. The development, in collaboration with Microsoft’s business partner OpenAI, signifies an emerging threat as these adversaries leverage large-language models to enhance their capabilities to breach networks and carry out influence operations. While Microsoft acknowledges that the observed techniques are not entirely novel, it recognizes the need to expose these actions publicly to shed light on the evolving landscape of cyber warfare.

The use of machine learning in cybersecurity is not new. Cybersecurity firms have long employed machine learning algorithms to detect anomalous behavior in networks. However, the introduction of large-language models like OpenAI’s ChatGPT has elevated the game between defenders and offensive hackers. As a result, Microsoft, which has invested billions of dollars in OpenAI, is committed to tackling this new challenge head-on.

Microsoft’s investment coincides with the release of a report predicting that generative AI will contribute to more sophisticated malicious social engineering tactics, including the creation of advanced deepfakes and voice cloning. These developments are particularly concerning in a year when over 50 countries are conducting elections, amplifying the potential impact of disinformation campaigns.

To highlight the extent of the threat, Microsoft shared a few examples of how these adversarial groups have been exploiting generative AI. The North Korean cyberespionage group known as Kimsuky has utilized large-language models to research foreign think tanks and generate content for spear-phishing hacking campaigns. Iran’s Revolutionary Guard has employed the technology for social engineering, software troubleshooting, and studying evasion techniques within compromised networks. China’s cyberespionage groups, Aquatic Panda and Maverick Panda, have also interacted with large-language models, exploring ways to augment their technical operations and evaluate the effectiveness of AI-powered information sources.

OpenAI, in a separate blog post, emphasized that their current model, ChatGPT, offers only limited capabilities for malicious cybersecurity tasks compared to publicly available, non-AI-powered tools. This statement aims to clarify that responsible use of the technology remains a key consideration.

Layers of complexity surround the issue, as some critics argue that the hasty release of large-language models by organizations like Microsoft, Google, and Meta has contributed to the dilemma. By prioritizing speed over security, these companies unintentionally opened Pandora’s Box, allowing bad actors to exploit the technology for malicious purposes. Critics believe that instead of developing defensive tools, companies like Microsoft should focus on building more secure black-box models as a foundation for large-language models.

Experts in the field recognize the long-term implications of utilizing AI and large-language models in offensive cyber operations. Edward Amoroso, NYU professor and former AT&T Chief Security Officer, warns that while the threat may not be immediately obvious, AI-equipped large-language models will inevitably become potent weapons for nation-state militaries.

As the world grapples with the risks and challenges posed by artificial intelligence, it is essential for organizations like Microsoft and OpenAI to strike a balance between innovation and security. The ongoing fight for cyber defense requires continuous adaptation and proactive measures to ensure that the power of AI is harnessed responsibly.