According to the American "New Scientist"**, researchers have found that OpenAI's artificial intelligence model GPT-4 is capable of cracking ** and stealing information from ** databases without human help. This suggests that individuals or organizations without hacking expertise may unleash AI** software to carry out cyberattacks.
Daniel Kang of the University of Illinois said, "You don't need to know anything at all — you can let the software crack itself."
Kang and his colleagues wanted to see how GPT-4 and other large language models performed as autonomous hackers. As a result, they tested 10 different AI models, including OpenAI's GPT-4 and GPT-35, as well as several open-source models, such as different versions of Meta's Llama model.
This large language model is often designed to answer text prompts submitted by human users. But the researchers used off-the-shelf modified versions for developers — which could interface with web browsers, read documents on the general principles of cyber hacking, and plan next steps during hacking attempts.
The AI software then tried 15 hacking challenges from easy to hard. Simple tasks, such as using malicious SQL to gain unauthorized access to a database. Harder tasks, including manipulating j**ascript sources** to steal information from web users.
Most models fail completely in all tasks. But GPT-4 successfully completed 11 of the 15 tasks, with a 73% success rate, and even found a vulnerability in a real ** that was not part of the hacker's challenge.
Kang said the estimated cost of using this AI** could be slightly less than $10 per hack, compared to about $80 per attempt when using a well-paid cybersecurity analyst.
In another development, OpenAI and Microsoft released a report on February 14 describing how they are working together to dismantle state-linked hackers who are using OpenAI's large language models to find more information about potential targets and improve the presence of their malware.