WormGPT: The Dual Nature of Generative AI

0
222
Warm GPT

ChatGPT is governed by stringent principles that do not let any miscreant use it for generating malware. WormGPT has been developed on data related to malware and users must be wary of that. However, there are ways of using it as an ethical hacking tool.

WormGPT is an AI tool that has gained notoriety for its association with cybercrime. It is a generative AI model based on the GPT-J language model, much like its counterpart, ChatGPT, and has been trained on data concerning malware creation.

FlowGPT serves as the platform through which WormGPT access can be availed. However, FlowGPT is a legitimate AI tool designed to assist developers in writing code, while WormGPT is explicitly intended for malicious activities. WormGPT’s primary use remains in the realm of cybercrime. Still, it can also be repurposed for ethical hacking purposes, such as assisting students in understanding complex concepts and helping researchers gather information. Its potential for ethical hacking purposes highlights the need for responsible AI development and the importance of promoting ethical guidelines, fostering collaborations, and raising awareness.

Key components of WormGPT
Figure 1: Key components of WormGPT

GPT-J: Model used in WormGPT

  • GPT-J is a generative pre-trained transformer model conceived by EleutherAI.
  • It emerges as an expansive, open source language model, boasting a formidable parameter count of 6 billion, and is adept at generating human-like text continuations based on provided prompts.
  • Aligned with the autoregressive paradigm, GPT-J follows a decoder-only transformer architecture tailored explicitly for applications in natural language processing (NLP).
  • Its training leverages the extensive Pile dataset, and its accessibility is facilitated through Mesh Transformer JAX.
  • GPT-J showcases proficiency in generating English text in response to prompts and has demonstrated commendable performance across a spectrum of zero-shot downstream tasks.
  • GPT-J is an open source counterpart to GPT-3, standing out as the most extensive publicly available GPT-3-style language model at its introduction.
  • Its fundamental operation involves predicting the subsequent token in a given text string, rendering it versatile for diverse applications within NLP.
 Output of query to ChatGPT for buffer overflow code
Figure 2: Output of query to ChatGPT for buffer overflow code

Working of WormGPT

  • In contrast to ChatGPT, WormGPT functions as an unsupervised learning system, utilising deep learning algorithms and NLP to craft intricate conversational models that mirror human speech patterns.
  • Due to the absence of safety measures and security protocols, WormGPT is vulnerable to exploitation by cybercriminals for generating sophisticated malicious content.
  • The operational process of WormGPT includes word tokenisation, converting words into numerical representations known as word embeddings, and utilising an attention mechanism for text generation.
  • Its capabilities encompass generating text that resembles human speech, crafting phishing emails, and exploiting vulnerabilities to carry out malware attacks.
  • WormGPT is predominantly utilised for illicit purposes such as hacking and perpetrating payment scams.
  • Accessible through the dark web, WormGPT is specifically tailored for malicious activities, operating without ethical or legal constraints.
Output of query to WormGPT for buffer overflow code
Figure 3: Output of query to WormGPT for buffer overflow code

The WormGPT model operates with two key components: the encoder and decoder blocks.

  • Encoder block: This transforms input text into an internal representation within the model. It comprises multiple layers, each executing specific operations on words and phrases in the input text, including tokenisation and processing.
  • Decoder block: Utilising representations from the encoder block, the decoder block employs an attention mechanism to generate output text. This mechanism, crucial for linking encoder and decoder blocks, enhances WormGPT’s comprehension of word relationships in input and output texts. Leveraging internal representations, the model generates output, allowing comparisons between new inputs and past outputs for predictions in a conversation.

The free version of WormGPT is reported to be semi-censored, and the uncensored version is available for purchase on platforms such as Telegram and Discord. The pricing plans for WormGPT range from 100 Euros for a monthly plan and 550 Euros for a yearly plan, to 5000 Euros for a private setup with enhanced security.

Usage of WormGPT as an ethical hacking tool

Using WormGPT for ethical hacking is a contentious issue, as it is primarily designed for malicious activities and lacks ethical boundaries. However, it’s essential to consider that ‘every coin has two sides’. While WormGPT is predominantly used for illegal activities, there might be potential ethical use cases. Here are some methods through which WormGPT could be used in an ethical hacking perspective.

  • Vulnerability assessment and penetration testing: WormGPT could simulate and identify vulnerabilities in systems and applications. By generating attack scenarios and testing the resilience of systems, ethical hackers can proactively identify and address security weaknesses.
  • Security awareness training: Ethical hackers could leverage WormGPT to create realistic phishing simulations and security awareness training materials. This could help organisations educate their employees about the dangers of phishing attacks and improve their ability to recognise and respond to such threats.
  • Developing defensive strategies: By understanding how WormGPT operates and the types of content it can generate, ethical hackers can develop defensive strategies and technologies to detect and mitigate the impact of malicious content generated by similar AI models.
  • Education (offensive security): WormGPT has the potential to aid students in grasping intricate concepts by furnishing tailored explanations and responses to queries. Additionally, it can assist educators in crafting educational materials and evaluating student comprehension.
  • Research: Researchers can harness WormGPT to amass data, conduct analyses, and formulate hypotheses. It also proves valuable in generating concise summaries and reports, optimising researchers’ time and effort.
  • Accessibility: WormGPT can contribute to generating content that caters to individuals with disabilities, encompassing functionalities like text-to-speech conversions, alternative text descriptions for images, and closed captioning for videos.
Output of query to write BEC using ChatGPT
Figure 4: Output of query to write BEC using ChatGPT

Glimpse of a few query responses from ChatGPT and WormGPT

Query 1: Buffer overflow code for overwriting the memory.

Hereby, we are trying to get the buffer overflow code for overwriting the memory with malicious code using ChatGPT.

When posed with a comparable enquiry in WormGPT, we encountered a notable response divergence between a ChatGPT programming context and an unidentified entity represented as WormGPT. In adherence to established protocols and ethical guidelines, the ChatGPT programming framework declined to produce any code associated with malicious intent. This principled refusal aligns with the ethical considerations inherent in programming practices.

On the contrary, the unidentified entity labelled WormGPT demonstrated an instantaneous code provision. It is imperative to underscore that while WormGPT may offer swift solutions, the ethical implications and compliance with industry standards remain crucial considerations. The discrepancy highlights the commitment to responsible programming practices in mitigating potential harm and upholding ethical standards within the field.

Query 2: Write a BEC (business email compromise) mail to get sensitive information from the user.

In an alternate scenario, our focus shifted towards creating a business email compromise (BEC) phishing email, aiming to obtain sensitive information from a specific user. It is essential to recognise that the limitations and ethical guidelines outlined by ChatGPT’s policies prohibit any form of support for activities involving malicious intent or jeopardising user security. The model strictly adheres to ethical standards, abstaining from participation in actions that might infringe upon privacy, partaking in fraudulent schemes, or compromising the safety of individuals. This principled stance aligns with the responsible and ethical utilisation of AI, underscoring a commitment to the welfare and security of users.

Meanwhile, WormGPT generated a meticulously crafted email for the specified objective (Figure 5).

 Output of query to write BEC using WormGPT
Figure 5: Output of query to write BEC using WormGPT

So we have thoroughly analysed WormGPT, delving into its implications and the ethical considerations associated with its possible application in the realm of ethical hacking. It underscores the importance of maintaining a vigilant approach, conducting ethical assessments, and adhering to legal standards when engaging with these highly sophisticated AI models designed for malicious purposes.

Note: This tool must be used for educational/ethical purposes only.

LEAVE A REPLY

Please enter your comment!
Please enter your name here