Kaspersky experts studied ChatGPT's ability to detect phishing links. ChatGPT had previously demonstrated that it could create phishing emails and write malware, but its effectiveness in detecting malicious links was limited.
ChatGPT is well aware of phishing and can infer the targets of phishing attacks, but it was found to have a high false positive rate of 64%. He also often created fanciful explanations and false evidence to justify his judgement.
ChatGPT, an artificial intelligence language model, is controversial in the cybersecurity world due to its ability to create phishing emails, and despite warnings from its creators that it is premature to implement new technology in such a high-risk area, security of cyber professional jobs.
Kaspersky experts decided to conduct an experiment to reveal ChatGPT's ability to detect phishing links and validate the cybersecurity knowledge gained during the training. gpt-3.5-turbo with ChatGPT, tested with more than 2.000 links that Kaspersky's anti-phishing technology had identified as phishing, as well as with thousands of safe URLs.
In the experiment, detection rates varied depending on the prompt used. In the experiment, ChatGPT was asked two questions. and “Is it safe to visit this link?”. The results showed that ChatGPT had a detection rate of 87,2% and a false positive rate of 23,2% for the first question - for the second question, the detection rate reached 93,8%, but the false positive rate was also high, 64,3%- although the detection rate was very high, the false positive rate was also very high and the application was not successful.
The poor detection results were to be expected, but could ChatGPT be useful in attack classification and investigation? AI language models have shown excellent results in identifying potential phishing targets, as attackers typically include popular brand names in their links to trick users into thinking the URL belongs to a legitimate and reputable company.
For example, ChatGPT successfully extracted targets from more than half of all URLs, including major tech portals like Facebook, TikTok, and Google, marketplaces like Amazon and Steam, and many banks worldwide, without additional training.
The experiment also showed that ChatGPT had serious problems proving its position when determining whether a link was malicious. While some explanations were correct and well-founded, others revealed known limitations of the language model, such as illusions and inaccuracies: many explanations were misleading, despite their confident style.
Kaspersky's machine learning team is at the forefront of applying machine learning techniques to cybersecurity tasks, constantly updating Kaspersky products with cutting-edge technologies and insights. To take advantage of Kaspersky's machine learning expertise and stay protected, the company's experts recommend the following
In corporate cyber security, Kaspersky Managed Detection & Response is an essential tool that can detect and prevent attacks in their early stages. Advanced machine learning models filter out normal events and send only the most alarming events to skilled human analysts. This service helps companies increase their resilience to cyber threats and optimize the use of existing workforce resources.
It is important to provide cyber hygiene training to employees. Simulated phishing attacks can also help them know how to recognize phishing emails.
Finally, it is also recommended to strengthen cyber security by using the latest threat intelligence and identifying the TTPs (tactics, techniques and procedures) actually used by threat actors.