Generative AI, large language models, and ChatGPT are dominating the headlines and people’s imaginations at the moment. While the incoming AI revolution may have some drawbacks, it also has the power to transform the way we learn, work, and play.
Clint Bodungen, author of the upcoming ChatGPT for Cybersecurity Cookbook: Learn practical generative AI recipes to supercharge your cyber skills, joined Matt Davey, Chief Experience Officer at 1Password, on the Random but Memorable podcast to discuss:
- The different ways ChatGPT can give your business a security edge.
- How companies can use ChatGPT to improve their security training.
- Why ChatGPT is the best way to build apps faster.
Read the interview below or listen to the full episode on your podcast app of choice.
Editor’s note: The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.
Matt Davey: What will the book cover and who’s it for?
Clint Bodungen: I focused on content for those who are already in cybersecurity and want to make their skillset more efficient and to augment the skills that they already have.
But more importantly, I’m a huge proponent into trying to usher in the next generation of talent into cybersecurity.
There are a lot of people who don’t know how to get into cybersecurity, or can’t afford [the relevant] certifications. I wanted to make sure I touched an audience that could really utilize this new, literally revolutionary technology to enhance and augment their skill set.
“This book will help you get under the hood of what’s going on."
You can build your own apps and extend the capabilities of just ChatGPT. This book will help you get under the hood of what’s going on to build your own plugin-like functionality, to build your own code interpreter functionality, and to get ahead of the next feature set that might be within ChatGPT.
The later chapters talk about other frameworks, like how to use other large language models such as open source rather than just GPT and OpenAI-branded large language models.
MD: What are some of the most exciting and practical AI recipes in your book?
CB: The most exciting recipes teach you how to turn ChatGPT or Claude 2 into a cybersecurity-themed role-playing game.
You might be familiar with old school text-based role-play games like Hitchhiker’s Guide to the Galaxy or Zork. Those sorts of games. I teach readers how to turn ChatGPT into a text-based role-playing game where it acts as the game master. It will instantly create an entire scenario. It’s a “choose your own adventure” basically which you can go through and it will train you on cybersecurity.
For companies that do incident response tabletop exercises, I have recipes in the book that show you how to create and run those exercises using ChatGPT.
I have simple GPT recipes from the web interface where you can just get help with GRC cybersecurity standards. You don’t understand what a standard is saying? You can feed it excerpts or entire standards and then get your questions answered. You can have it create entire vulnerability assessment plans. You can actually have it create a cybersecurity policy, an entire 80-page cybersecurity policy.
"[ChatGPT] is not meant to replace human work. It’s not meant to be ‘set it and forget it’ like an easy bake oven."
This is not meant to replace human work. This is not meant to be ‘set it and forget it’ like an easy bake oven. This is literally meant to give you a first draft. This is meant to make things more efficient and optimize your time, and then you become the editor and fine-tune it to your liking.
There are recipes in there to make all aspects of your cybersecurity job more efficient or more productive, like helping you with pen testing.
MD: How do we trust AI to generate what it says it’s generating?
CB: I don’t recommend sending anything confidential or private out to the internet when you’re using the API, whether that’s the cloud ChatGPT or something else. That’s why we’re developing an open source cybersecurity model that is intended to be used locally without any connection to the internet. This way you can do these things privately on your own without risking exposure.
In later parts of the book, I teach people how to use local open source models on their own if they’re concerned about privacy and security. In the meantime, if you do want to experiment with the API version – the online version and ChatGPT – then you can sanitize or anonymize your requests.
How do you trust what ChatGPT is giving you? I would highly recommend that for anything you’re doing in terms of testing or penetration testing, you do it on a trusted or secured network, or a sandbox network, before you put it on a customer’s network or your own network.
“The same caveats that apply to any cybersecurity operation or testing, such as making sure what you’re doing is tested and verified before you put it on a production network, stand true here as well."
The same caveats that apply to any cybersecurity operation or testing, such as making sure what you’re doing is tested and verified before you put it on a production network, stand true here as well.
And then in terms of writing code, I don’t recommend that you just take any code that it generates at face value. If you’re not a programmer you should try it out in a sandbox environment to make sure it works first.
MD: Are you writing the book, or is ChatGPT writing the book?
CB: I’m writing the book.
Am I using ChatGPT at all to help with this book? Yes. Am I using it to help me write better code? Absolutely. But I’m the primary author and I double check everything.
I use ChatGPT in my everyday life for everything now.
MD: Do you think AI and ChatGPT give you a competitive edge in security? Are there downfalls in that? What do you think people need to take into consideration?
CB: AI absolutely gives you a competitive edge because it makes you more efficient and makes you able to work faster.
Anything that you do, ChatGPT can help you do better or faster. For example, it’s better than Google search in a lot of instances. If I use Google, I have to search through the links and then click on each one and then see if those have relevant information. ChatGPT gives me the answer right away.
You could use it for anything. If you want a meal plan, it’ll generate meal plans. If you want an exercise routine, it’ll generate exercise routines. It’ll literally do and enhance just about anything you can think of.
“If you’re asking it for factual information, you do need to do your fact checking like you should do for anything."
The caveat is you still need to be cautious about facts. If you’re asking it for factual information, you do need to do your fact checking like you should do for anything.
The nature of a large language model and the way it works is that if it doesn’t know something, it can sometimes make stuff up. Or, worse, say things that sound realistic but aren’t true. So you have to be careful.
If you’re using this to enhance your knowledge, or to try to get a job, you have to be careful about using this to enhance your own skills, but then not furthering your skills to learn more.
For example, you can use it as a tutor to educate you and enhance the productivity and knowledge you already have. But if you use it to share knowledge that you don’t have, or use it to pretend you have knowledge that you don’t really have, it’s going to get you in trouble.
MD: Where can people learn more about you or pre-order this book?
I’m also the founder of Thread Gen, a cybersecurity startup with a cybersecurity training game simulation platform.
Editor’s note: This interview has been lightly edited for clarity and brevity.