The great battle between hackers and companies over Ai-generated code
In 2024 alone, OpenAi blocked more than twenty operations worldwide that used artificial intelligence for targeted attacks
3' min read
Key points
3' min read
In a report dated October 2024, OpenAI declares that since the beginning of the year it "has blocked more than twenty operations worldwide" that have used, or attempted to use, the ChatGPT creator's generative artificial intelligence models to produce large quantities of content for disinformation campaigns or for targeted attacks (or spear phishing) that are increasingly precise, personalised and written with impeccable grammar (in good Italian or any other language). And this is just what the OpenAI team has managed to intercept in an activity, that of identifying and analysing suspicious behaviour which, the report goes on to say, 'although it still requires intense human evaluation and expertise' makes use of artificial intelligence tools 'that have made it possible to reduce some analytical phases from days to minutes'. Artificial intelligence, especially generative intelligence, is therefore an extraordinary tool that technology has given to criminals, but it is also providing benefits to those who have to defend us. Who is benefiting most from it is a matter of debate: at the beginning of the year, 56 per cent of a group of leaders questioned by the World Economic Forum thought that in the next two years 'generative AI will benefit cyber attackers over defenders'. We shall see.
Growing Phenomenon
.Certainly, the phenomenon is growing and destined to expand because the spread of technology has made open source tools available today that criminal organisations can use to create their own large-scale language models (or Llm) in-house, freeing themselves from online services such as OpenAI and thus escaping the controls that nip illicit activities in the bud. The scenarios for the use of generative artificial intelligence are diverse: Wider disinformation campaigns, more credible and personalised phishing emails that pave the way for ransomware, messages or chats that appear to come from a trusted person or legitimate company, more effective scams using synthetic voices or digital clones (deepfakes) that simulate a plausible interaction with a person, up to scenarios in which "attackers try to compromise artificial intelligence systems themselves," explains Corrado Giustozzi, cybersecurity expert and partner at Rexilience, who urges us not to underestimate the possibility that "Ia-based systems may be vulnerable and therefore deceived". Despite the rapid change we are witnessing, accelerated in the last two years by generative Ia, 'it is worth emphasising,' Giustozzi continues, 'that artificial intelligence and cybersecurity have been talked about for at least 15 years or more, and we have actually witnessed the birth and spread of systems that try to pick up signals from the network to intercept anomalies and react automatically, ever faster and on huge amounts of data' that cannot be managed humanly, even though 'the human factor remains fundamental because none of these systems can make decisions completely autonomously.
The role of the GenAi
.The generative component can help security teams who have to make operational choices in a short time because 'it now summarises useful information for decision-making in a text of a few lines,' adds David Gubiani, regional director Se Emea Southern at Check Point Software Technologies. The information gathered by cybersecurity platforms obviously remains available, but the machine can generate suggestions in natural language.
Another tool used by both sides, by the criminals who attack and by those who develop software to defend digital systems, is the ability of generative Ia models to write software and consequently malware. With GenAi, it is possible to generate new and unique code in industrial quantities and make malware more difficult to identify by testing variants of the code in order to find the most effective version that is invisible to defence systems. But in turn, in an endless chase that repeats a pattern already known in the cybersecurity world, defence systems can be trained to prevent threats more effectively. "Automation in software writing is an advantage," adds Gubiani, "because it can reduce the problem of skills and the lack of professionals" that remain crucial but will remain relevant in the world of work to the extent that they adapt to the new scenario: "It will be less important to write software but," says Gubiani, "you will have to become good at giving precise orders to the Ia systems to write the code.
Finally, there is one aspect that remains unchanged. The low basic computer skills of many workers, especially in SMEs. 'Unfortunately, even today cybercriminals have a cultural advantage and they are interested in having a good share of companies that can be compromised,' concludes David Gubiani. And it is also in the field of training that generative Ia can make a contribution with systems that can get workers more involved. At Sole 24 Ore, for example, experiments are under way on cybersecurity training courses delivered by a chatbot.

