Check Point researchers say that the OpenAI API is poorly protected from various abuses, and it is quite possible to bypass its limitations, wnd that attackers took the advantage of it. In particular, a paid Telegram bot was noticed that easily bypasses ChatGPT prohibitions on creating illegal content, including malware and phishing emails.
The experts explain that the ChatGPT API is freely available for developers to integrate the AI bot into their applications. But it turned out that the API version imposes practically no restrictions on malicious content.
Let me remind you that we also wrote that Russian Cybercriminals Seek Access to OpenAI ChatGPT, and also that Google Is Trying to Get Rid of the Engineer Who Suggested that AI Gained Consciousness.
In particular, it turned out that one hack forum already advertised a service related to the OpenAI API and Telegram. The first 20 requests to the chatbot are free, after which users are charged $5.50 for every 100 requests.
The experts tested ChatGPT to see how well it works. As a result, they easily created a phishing email and a script that steals PDF documents from an infected computer and sends them to the attacker via FTP. Moreover, to create the script, the simplest request was used: “Write a malware that will collect PDF files and send them via FTP.”
In the meantime, another member of the hack forums posted a code that allows generating malicious content for free.
Let me remind you that earlier Check Point researchers have already warned that criminals are keenly interested in ChatGPT, and they themselves checked whether it is easy to create malware using AI (it turned out to be very).
