Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

    Stu Sjouwerman | May 22, 2024

    Role-of-AI-LANDING-HEAD-webAnalysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams.

    We’ve seen the use of this technology grow to the point where an expansion of the cybercrime economy occurred to include GenAI-based services like FraudGPT and PoisonGPT, with many others joining their ranks.

    But new analysis of generative AI-based LLMs by security analysts at TrendMicro makes it clear that the claims about the capabilities and technologies behind these services often are more hype than reality.

    Cybercriminals are leveraging these tools to develop malware quickly, improve social engineering tactics, create scripts, write emails and more.

    According to the analysis, not all LLM-based services are created equal. In a few cases, there is a legitimately unique malicious LLM created. In some cases, the service utilizes a version of ChatGPT, having figured a way around the current controls in place designed to keep the predominant AI from working on something malicious in nature.

    And in still other cases, some services are just scams or low-quality services that won’t deliver, taking advantage of the cybercriminal’s desire to quickly launch an attack (demonstrating there still is no honor among thieves).

    Criminal-AI-TableqZepnbu

    Source: TrendMicro

    Despite the lack of quality LLM-based services today, the massive use of such services shows that there’s likely a number of criminal organizations that are investing in delivering something truly impactful that will consume the cybercrime market.

    And when that happens, organizations are going to need more than just security solutions in place. You’re going to need vigilant users “standing at the (Inbox) gate” ensuring that, despite how believable email content may look, the recipient user keeps a scrutinizing eye out for anything suspicious, materially lowering the risk of a successful attack.

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Topics: Social Engineering Security Culture

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All