{"id":48939,"date":"2023-09-06T05:20:11","date_gmt":"2023-09-06T09:20:11","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=48939"},"modified":"2023-09-06T05:20:11","modified_gmt":"2023-09-06T09:20:11","slug":"chatgpt-cybersecurity-regulation","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/chatgpt-cybersecurity-regulation\/48939\/","title":{"rendered":"With ChatGPT&#8217;s vast innovative potential, regulators must take care"},"content":{"rendered":"<p>ChatGPT and other artificial intelligence (AI) chatbot applications are major technological milestones with far-reaching benefits for many industries.<\/p>\n<p>But with each advance comes unintended consequences. With ChatGPT in its fourth iteration, and its underlying technologies growing fast, it\u2019s time to take stock of the policy landscape to understand its implications.<\/p>\n<h2>What is ChatGPT, and how are businesses using it?<\/h2>\n<p><a href=\"https:\/\/chat.openai.com\/\" target=\"_blank\" rel=\"noopener nofollow\">ChatGPT<\/a> is an AI chatbot made by OpenAI. It uses <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/nlp-language-model-privacy\/41410\/\" target=\"_blank\" rel=\"noopener nofollow\">natural language processing (NLP)<\/a> to create human-like text responses. Users can ask ChatGPT almost anything and receive relatively natural-sounding responses. It can write outputs like <a href=\"https:\/\/builtin.com\/artificial-intelligence\/chatgpt-examples\" target=\"_blank\" rel=\"noopener nofollow\">programming code, social media posts, summarize complex topics<\/a> or almost anything text.<\/p>\n<div style=\"width: 180px\" class=\"wp-caption alignnone\"><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/OGmDr8TLtTo?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><p class=\"wp-caption-text\">What is ChatGPT?<\/p><\/div>\n<p>ChatGPT is an example of generative AI: Artificial intelligence that learns to generate original content like images, music and text by identifying underlying patterns in existing examples. \u201c<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-distinction-generative-ai-vs-chatgpt-ragu\/\" target=\"_blank\" rel=\"noopener nofollow\">Its primary objective is to create interactive and realistic conversations<\/a> with users, making it a powerful tool for chatbots, virtual assistants and customer support applications,\u201d says AWS Solutions Architect Ragu Kuppannan.<\/p>\n<p>Many top companies are using ChatGPT. For example, travel outlet <a href=\"https:\/\/www.forbes.com\/sites\/bernardmarr\/2023\/05\/30\/10-amazing-real-world-examples-of-how-companies-are-using-chatgpt-in-2023\/?sh=65742fc21441\" target=\"_blank\" rel=\"noopener nofollow\">Expedia wants customers to be able to book a holiday<\/a> in a way that feels like having a chat with a travel agent. Microsoft, a major investor in OpenAI, says ChatGPT already powers its search engine, Bing, and plans to add it to Word and Excel.<\/p>\n<p>ChatGPT could be promising for any application where natural, conversational interaction between people and tech would be beneficial.<\/p>\n\t\t\t\t\t<div class=\"c-promo-post\">\n\t\t\t\t\t\t<div class=\"o-row\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"o-col-12@sm\">\n\t\t\t\t\t\t\t<article class=\"c-card c-card--link c-card--hor@xs c-card--small@xs\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__figure c-card__figure--small@xs c-card__figure--medium@sm\">\n\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/7-future-roles\/47981\/\" class=\"c-card__figure-link\">\n\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/04\/21060058\/346_future_cybersecurity_jobs_2-500x500.jpg\" class=\"attachment-card-default size-card-default wp-post-image\" alt=\"future cybersecurity jobs\" data-src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/04\/21060058\/346_future_cybersecurity_jobs_2-500x500.jpg\" data-srcset=\"\" srcset=\"\">\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__body  \">\n\t\t\t\t\t\t\t\t\t<header class=\"c-card__header\">\n\t\t\t\t\t\t\t\t\t\t<p class=\"c-card__headline\">Related article<\/p>\n\t\t\t\t\t\t\t\t\t\t<h3 class=\"c-card__title \">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/7-future-roles\/47981\/\" class=\"c-card__link\" target=\"_blank\" rel=\"noopener nofollow\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span>7 new roles we\u2019ll soon see keeping business secure<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<svg class=\"o-icon o-svg-icon o-svg-right\"><use xmlns:xlink=\"http:\/\/www.w3.org\/1999\/xlink\" xlink:href=\"https:\/\/www.kaspersky.com\/blog\/wp-content\/plugins\/kaspersky-emagazine\/assets\/sprite\/icons.svg#icon-arrow-long\"><\/use><\/svg>\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__desc \">\n\t\t\t\t\t\t\t\t\t\t\t<p>How we protect systems and people is changing with threats and technology. The upside? We\u2019ll see creative and diverse new roles in the near future.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<footer class=\"c-card__footer\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__list\">\n\t\t\t\t\t\t\t\t\t\t\t<ul class=\"c-list-labels js-has-reading-time\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"c-list-labels__link\" href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/category\/enterprise-cybersecurity\/\" target=\"_blank\" rel=\"noopener nofollow\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span>Enterprise cybersecurity<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><span class=\"js-reading-time\"><\/span> min read<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"u-hidden js-reading-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\tTechnology penetrates every sphere of our lives, and more devices mean more cybersecurity challenges. How we protect systems is evolving with technology and threats: Routine work like monitoring and response is being automated. But cybersecurity isn't getting less complex \u2013 businesses will soon need new, more creative, more diverse roles.\r\n\r\nWhile they may seem futuristic, some already exist in one form or another. Given long-term trends, leaders should start planning to recruit for these new roles, coming soon.\r\n1.\u00a0 AI mentor\r\nThe rise of AI-based technologies like ChatGPT and voice assistants like Siri and Alexa made new tech more accessible while bringing new concerns around privacy and security. AI's control, regulation and monitoring requirements go beyond product management and development expertise.\r\n\r\nWilliam Gibson's 1984 science fiction book Neuromancer imagined we'd one day have 'Turing Police' to control AI and AI-based systems, stopping them evolving and becoming independent. Turing refers to famed UK mathematician and computer scientist Alan Turing's test to distinguish humans from machines. A need for firm limits on AI is little disputed among experts, with a range of tech leaders, including Elon Musk, signing a open letter asking for a pause in AI development in March 2023.\r\n\r\n\r\n\r\nAI Mentors will assess and control AI technology. They may also teach AIs, control access to data and constrain evolution \u2013 you might call it, being AI's parent. As AI's complexity and sophistication grows, there will be growing demand for such experts.\r\n\r\nAI mentors could also develop 'stop' buttons to prevent systems operating on their own. They may also develop protection against malfunction and alternative rescue plans if computers are out of service.\r\n2.\u00a0 Digital footprint consultant\r\nLeaks and breaches negatively affect any brand. Cybercriminals often use threats of reputational damage to extort money from companies once inside systems. A digital footprint consultant will work to protect your brand.\r\n\r\nHowever, there's no need to wait for a digital footprint consultant to come on board before you develop strategies to restore your brand reputation after a data leak.\r\n3.\u00a0 Cyber immunity developer\r\nCybersecurity will change as businesses are forced to rethink how they develop new tech.\r\n\r\n\r\n\r\nEmbedding cybersecurity principles from the start makes cyber immunity possible \u2013 systems so secure that the cost of hacking them isn't worth the reward. Demand for cyber-immune products will see employees scrambling to hire designers and developers with security-first skills.\r\n4.\u00a0 Threat endurance manager\r\n2022 was a costly year for cyberattacks, with high-profile big tech names like Twitter, Uber and Rockstar Games all hit. Cybercriminals don't shy away from attacking public services and life-saving institutions either, with several universities, the UK's National Health Service and the Red Cross among those attacked.\r\n\r\nCyberattacks interrupt production and business processes, pose reputational risks and lead to big financial losses. Health insurance giant Medibank reported a ransomware attack cost them 26 million US dollars.\r\n\r\n\r\n\r\nThey'll be responsible for business continuity and protect companies by controlling IT systems, responding to cyberattacks and managing software and human errors.\r\n5.\u00a0 Cyber investigator\r\nCyber investigators already exist, but their work will become more complex and diverse as digital systems get more sophisticated and automated.\r\n\r\nThese specialists normally manage the aftermath of a security breach, covering the whole investigation and eliminating the threat. At Kaspersky, they collect evidence about an incident by analyzing log files and network events, finding indicators of compromise and more.\r\n\r\nNew-generation cyber investigators will be generalists with skills in programming and hacking, but also psychology and decision-making in volatile conditions. They'll also understand robotics and AI, as they must work with emerging systems.\r\n6.\u00a0 Digital bodyguard\r\nLike bodyguards in the physical world, we'll want to hire consultants to protect our digital identities. These bodyguards will protect against doxing \u2013 when attackers publish personal data online for revenge \u2013 and cyberstalking. They'll clean our accounts and digital history, and guide and support our virtual lives.\r\n\r\nPew Research Center found more than 40 percent of US adults experienced online harassment in 2020. Sometimes, online harassment is linked with offline harassment and even violence. Digital bodyguards will help protect us from these kinds of threats, and disrupt and identify the offender when they happen. They may also give victims emotional support.\r\n\r\nBusinesses that provide digital technologies must consider how they'll facilitate digital bodyguards' work protecting their clients.\r\n7.\u00a0 Space cybersecurity engineer\r\nSatellites are the most conspicuous piece of space technology in daily life, used in communications, navigation systems, broadcast media and more. Our reliance on satellites makes them attractive to threat actors.\r\n\r\nThe space industry needs dedicated specialists to prevent attacks, particularly securing operational systems like navigation, engine control and life support. With the advent of space tourism, asteroid mining and new space stations, there'll be rising demand for out-of-this-world cybersecurity experts.\r\n\r\n\r\nWhat does it all mean for business?\r\nThe cybersecurity landscape is complex and always changing, giving rise to new roles like these predicted. It's easy for businesses to get left behind.\r\n\r\nExamples of expensive data breaches at big-name institutions suggest those who invest in top cybersecurity will save time and money long-term. For those developing future technologies, embedding cyber immunity is becoming necessary, especially if your tech will be used in critical services like healthcare and infrastructure.\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/footer>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\n<h2>Risks of ChatGPT<\/h2>\n<p>Critiques of ChatGPT and other chatbot applications generally focus on its potential to <a href=\"https:\/\/www.businessinsider.com\/chatgpt-jobs-at-risk-replacement-artificial-intelligence-ai-labor-trends-2023-02\" target=\"_blank\" rel=\"noopener nofollow\">disrupt human employment<\/a>, <a href=\"https:\/\/www.internationalscienceediting.com\/when-chatgpt-gets-it-wrong\/\" target=\"_blank\" rel=\"noopener nofollow\">produce incorrect information<\/a> or <a href=\"https:\/\/time.com\/6247678\/openai-chatgpt-kenya-workers\/\" target=\"_blank\" rel=\"noopener nofollow\">poor practice in training algorithms to identify harmful content<\/a>.<\/p>\n<p>The underlying cybersecurity risks get less attention. Kaspersky\u2019s specialist threat intelligence teams have identified three main risk areas.<\/p>\n<p>First, ChatGPT can provide advice, even detailed guides, to help prospective attackers plan and target victims. Second, it can <a href=\"https:\/\/www.bleepingcomputer.com\/news\/technology\/openais-new-chatgpt-bot-10-dangerous-things-its-capable-of\/\" target=\"_blank\" rel=\"noopener nofollow\">develop code and even create entire coding projects<\/a> for those with little knowledge of software development. While ChatGPT has restrictions and safeguards to avoid abuse, they\u2019re fairly easily bypassed. Third, ChatGPT produces <a href=\"https:\/\/www.wired.com\/story\/large-language-model-phishing-scams\/\" target=\"_blank\" rel=\"noopener nofollow\">convincing and accurate text that can be used in phishing<\/a> or <a href=\"https:\/\/www.kaspersky.com\/resource-center\/definitions\/spear-phishing\" target=\"_blank\" rel=\"noopener nofollow\">spearphishing<\/a>.<\/p>\n<p>To some extent, these three areas represent theoretical risks or outlier scenarios that don\u2019t represent how people and businesses usually use ChatGPT.<\/p>\n<blockquote><p>ChatGPT is only a language model, which is neither good nor bad \u2014 but it is advanced, publicly available and popular.<\/p>\n<\/blockquote>\n<h2>Policy perspective beyond risks<\/h2>\n<p>Policy should aim to be technology-blind \u2013 taking a similar approach to all related technology that might emerge in the future, rather than creating a unique approach for one of today\u2019s concerns. It should build the best possible defenses against the worst human intentions and applications.<\/p>\n<p>Practically speaking, there may be no way to prevent or limit use of tech like ChatGPT. And to limit an emerging technology\u2019s potential means being left behind in a global digital economy.<\/p>\n<blockquote><p>The cost of being left behind will only increase as technologies develop fast into convenient tools that improve life and work. But an overly permissive environment that ignores credible risks could be equally damaging.<\/p>\n<\/blockquote>\n<p>While policy discussions usually focus on outputs \u2013 the material ChatGPT produces \u2013 its inputs (the data it\u2019s trained with) may be a bigger threat. Data-driven tools like ChatGPT are <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/insight-story-artificial-intelligence\/48097\/\" target=\"_blank\" rel=\"noopener nofollow\">only as good or accurate as their training datasets<\/a>. As chatbot systems may become the most common way to use the internet, issues will have wide impact.<\/p>\n<p>Ensuring balance in training data is a growing challenge as disinformation expands. <a href=\"https:\/\/www.parkersoftware.com\/blog\/what-is-a-bad-actor-in-cybersecurity\/\" target=\"_blank\" rel=\"noopener nofollow\">Bad actors<\/a> can influence what users see and read in ways that have global consequences. Datasets, devices and systems must be secure and accurate.<\/p>\n<h2>How nations are regulating AI<\/h2>\n<p>In our public policy work, Kaspersky advocates public-private partnerships. We think partnerships combining global private-sector expertise with policymakers\u2019 local needs will be the best defense. It\u2019s a middle-ground approach that avoids too much or too little caution. These partnerships in cybersecurity maximize the advantages of emerging technologies like ChatGPT, while safeguarding against risks.<\/p>\n<p>United Arab Emirates (UAE) is a role model for inclusive public-private partnerships. They\u2019ve taken a progressive and collaborative stance on partnerships with international tech firms. Initiatives and forums like the <a href=\"https:\/\/www.dubaichamberdigital.com\/en\/home\/\" target=\"_blank\" rel=\"noopener nofollow\">Dubai Chamber of Digital Economy<\/a> and the <a href=\"https:\/\/u.ae\/en\/information-and-services\/justice-safety-and-the-law\/cyber-safety-and-digital-security\" target=\"_blank\" rel=\"noopener nofollow\">UAE Cybersecurity Council<\/a> aim to safely and securely advance technological growth for short- and long-term benefit.<\/p>\n<p>In May 2023, <a href=\"https:\/\/www.dataguidance.com\/news\/brazil-senate-considers-bill-regulating-ai\" target=\"_blank\" rel=\"noopener nofollow\">Brazil was considering a Bill to regulate AI<\/a>. It requires \u201csystems [to] undergo a preliminary assessment carried out by the suppliers themselves, to determine whether they can be classified as being of high or excessive risk,\u201d according to OneTrust Data Guidance. It also restricts exploitative AI uses, like subliminal techniques that could cause harmful behavior or target vulnerabilities in older and disabled people.<\/p>\n<p>The Center for Strategic and International Studies says Japan looked at the <a href=\"https:\/\/artificialintelligenceact.eu\/\" target=\"_blank\" rel=\"noopener nofollow\">European Union\u2019s sterner approach to AI regulation<\/a> and had \u201c<a href=\"https:\/\/www.csis.org\/analysis\/japans-approach-ai-regulation-and-its-impact-2023-g7-presidency\" target=\"_blank\" rel=\"noopener nofollow\">concern that the burden of compliance and the ambiguity of regulatory contents may stifle innovation<\/a>.\u201d Instead, Japan is adopting a \u201chuman-centered\u201d approach based on seven principles \u2013 among them, privacy protection, security and innovation. They regulate AI through several laws. The Digital Platform Transparency Act, for example, requires fair and transparent practice from large online stores and digital advertising businesses, including disclosing how they decide search rankings.<\/p>\n<h2>Values are the key to balanced regulation<\/h2>\n<p>ChatGPT and other generative AI fit a model of technological development we\u2019ve seen throughout history \u2013 it disrupts human lives and businesses with exciting potential but also serious risks that need policymakers\u2019 attention.<\/p>\n<p>UAE, Brazil and Japan have regulatory approaches that are values-led and aim for a middle ground: A balance between too much and too little caution. Alongside, partnerships between the public and private sector hold promise to let business embrace innovation while adequately managing risk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Its human-like responses are set to revolutionize our experience of tech, so business needs a clear view of the policy landscape around ChatGPT. <\/p>\n","protected":false},"author":2745,"featured_media":48940,"template":"","coauthors":[4504],"class_list":{"0":"post-48939","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-artificial-intelligence","7":"emagazine-category-enterprise-cybersecurity","8":"emagazine-category-safer-business","9":"emagazine-tag-regulation"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/7-future-roles\/47981\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/7-future-roles\/28169\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/48939","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2745"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/48940"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=48939"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=48939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}