Michael “Mike” Willburn is a cybersecurity specialist with a history of successful experience in cyber threat intelligence, network architecture, risk management, and capacity building. Mike specializes in threat analysis, mitigation, network design, and organizational policy. He is a current member of International Information Systems Security Certification Consortium (ISC2) where he holds the Certified Information Systems Security Professional (CISSP) certification. In addition, he is Major in the Delaware Army National Guard and serves as the Senior Network Engineer and principal operations officer for the 198th Expeditionary Signal Battalion Enhanced. Throughout his career he has worked in professional settings with international partners including Sri Lanka, Mongolia, Timor Leste, Korea, Germany, Great Britain, and others. He loves to travel, be outdoors, read, and play Minecraft with his children in addition to his professional endeavors.
All Your Language Are Belong to Us: Implications and Effects of Large Language Models for Cybersecurity
The emergence of large language models (LLMs) like ChatGPT has been the focus of much news since late 2022. The ease of use of the platforms has made these powerful tools available to most people on the planet. LLMs have since been used to generate college papers, write screenplays, create very convincing chatbots, and write computer code. Generating these artifacts is relatively simple, requiring the user to “prompt” the LLM by simply asking a question. These activities have implications for privacy and cybersecurity that span a wide range of topics. The focus of this presentation is the use of LLMs for software development and what that means to the future of cybersecurity. LLMs have been shown to be good at writing nearly error free code. Though they have been used for writing larger programs, most of the code has been relatively few lines, hereafter called a “snippet”, that perform specific functions. However, the level of technical knowledge required to generate these snippets is also much lower than it has been to write code historically. We will present a game that we wrote using an LLM in C#, a language that the authors do not have extensive experience with. We demonstrate that relatively complex code can be written with little training in any programming language. For cybersecurity this lowers the barrier to entry for bad actors to write malware, develop social engineering campaigns, and conduct illegal activities. For defenders, this could be leveraged to write monitoring scripts, network defense programs, and augment staff that are stretched thin for time and expertise.