Home CISO STRATEGY How will ChatGPT-5 change your cyber security strategy?

How will ChatGPT-5 change your cyber security strategy?

June 21, 2024

EXECUTIVE SUMMARY:

Yesterday, OpenAI’s Chief Technology Officer, Mira Murati, described the level of intelligence that will be packed into the forthcoming ChatGPT model. ChatGPT-5 is expected to have ‘Ph.D-level’ smarts.

“If you look at the trajectory of improvement, systems like GPT-3 were maybe toddler-level intelligence,” said Murati. “And then systems like GPT-4 are more like smart high-schooler intelligence…in the next couple of years, we’re looking at Ph.D. intelligence for specific tasks,” Murati continued.

In regards to cyber security and cyber security professionals, the implications are still unfurling. Nonetheless, the handful of possibilities outlined below are worth preparing for now – before hackers attempt to weaponize this technology (and disrupt your organization).

ChatGPT-5 potential threats

According to Murati, GPT-5 is due to be released near the close of 2025 or in early 2026. While technology aficionados may wish that the next GPT leap were nearer, the timeline presents cyber security pros with the opportunity to prepare for unprecedented possibilities, like these:

ChatGPT-5 may be able to analyze software code. In so doing, it may be able to immediately identify software weaknesses and generate custom exploits for any found vulnerabilities. In other words, ChatGPT-5 could effectively serve vulnerabilities to cyber criminals on a silver platter.
ChatGPT-5 could also result in social engineering gone-wild; think hyper-personalized phishing emails and smishing messages. Such messages may be so elegantly and seamlessly crafted that humans, if not machines, will almost certainly struggle to recognize them as phony and duplicitous.
Concern around generative AI’s abilities to sow misinformation and disinformation isn’t new. But ChatGPT-5 could potentially generate journalistic, realistic-looking fake news articles and social media posts. In turn, this could manipulate (and confuse) the general public. Effects could range from brand damage to social discord, depending on how the AI is employed.

Strategic CISO recommendations

1. Develop an AI-aware vulnerability management program. Given ChatGPT-5’s potential to analyze code and identify software weaknesses with a high level of accuracy, CISOs should create a vulnerability management program that uses AI-powered tooling.

This program should be able to quickly identify, prioritize and address vulnerabilities; before adversaries can exploit them using similar AI capabilities.

2. Enhance social engineering defenses. Hyper-personalized phishing is already a problem (whaling). To get ahead of this issue, consider advanced user education programs, along with AI-powered email and message filtering systems. Email filtering systems should be able to detect and neutralize highly evolved social engineering tactics.

3. Implement AI-powered misinformation detection. As noted earlier, ChatGPT-5 may be able to create convincing fake news and fake social media posts. To prepare for this seeming eventuality, implement AI-powered content verification tools. These kinds of tools help to actively protect your brand and can set your business apart as thoughtful, competitive and cyber security-forward.

4. Although this sounds like it’s straight out of a sci-fi movie, consider preparing for AI vs. AI cyber security scenarios. This includes investing in AI model security, implementing adversarial testing for AI systems and coming up with home-grown, business-specific strategies for identifying and counteracting AI-powered attacks.

Further thoughts

As generative artificial intelligence evolves, cyber security will have to adapt. Reactive responses can leave businesses scrambling uphill after it’s too late – get ahead of technological trends and adapt your cyber security, starting today.

For detailed insights into AI-powered, cloud-delivered cyber security technology that protects your business from the most sophisticated of cyber threats, click here. For insights into using AI prompt engineering to your advantage as a security professional, click here.

Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.