ChatGPT has shown it can do some very interesting things. But what about cybersecurity? Well, according to Microsoft. It can do a lot there as well. Microsoft has released Security Copilot, which is a ChatGPT for cybersecurity using ChatGPT-4. Apparently it can find vulnerabilities from code/ and diagrams. It can also handle things like incident response and do threat hunting. For example: It can ingest logs and correlate different events to identify threats. The official blog post is found here: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot
Now what about things like encryption, which is a core tenant of cybersecurity? Well, turns out even ChatGPT-3.5 is capable of basic encryption/decryption and encoding and decoding!
To test it’s capabilities I tried doing some prompts that required knowledge of ciphers and encoding. It struggles with some of the more complicated things but still surprising none-the less.
Base64 encodings: Handles Well
Ceasar Shift Cipher: Handles Well when not shifting too much
Rail fence cipher: Handles Well when keeping the rail amount at 2
Vigenere Cipher: Struggles
Since these ciphers specifically utilize the manipulation of text, it does make some sense that it’s able to handle the basic stuff. But it reaches its limitations when complex reasoning is required for decryption. GPT-4 and GPT-5 may perform these tasks much better, but I would argue that it’s a really expensive mechanism for executing these types of tasks if you take into account compute and memory. Where ChatGPT shines is that it’s also able to explain the ciphers and how it decodes or decrypts… this is invaluable from an education perspective and very helpful for those that have to explain say a root cause of a security incident issue to C-Suite folks. These two applications is where ChatGPT will have the greatest impact. It won’t replace cybersecurity experts any time soon, but will help them do their work faster.
Leave a Reply