ChatGPT rates poorly in spotting phishing tries
MANILA -Artificial intelligence (AI)-driven language processing application ChatGPT knows what phishing attacks are but has limited ability to detect such cybersecurity threats, according to Kaspersky.
The cybersecurity firm, in a study it conducted, revealed that ChatGPT had high false positive rates of up to 64 percent in terms of identifying malicious links.
But Kaspersky said that the software had “impressive” results in tagging potential phishing attacks. It was able to point out the threats in several online portals including Facebook, TikTok, Google, Amazon and Steam.
“While the detection rate is very high, the false positive rate is too high for any kind of production application,” it explained.
Kaspersky noted that “the experiment also showed ChatGPT might have serious problems when it comes to proving its point on the decision whether the link is malicious.”
“Some explanations were correct and based on facts, others revealed known limitations of language models, including hallucinations and misstatements: many explanations were misleading, despite the confident tone,” it added.
Kaspersky lead data scientist Vladislav Tushkanov said these findings showed that language models have their limitations.
“While they might be on par with an intern-level phishing analyst when it comes to reasoning about phishing attacks and extracting potential targets, they tend to hallucinate and produce random output,” Tushkanov said.
Phishing is launched via email and text messages, among others, to trick users into giving out their personal information.
Kaspersky said online attacks increased by 29 percent in the country last year. INQ
