TY - JOUR
T1 - Generative AI for pentesting
T2 - The good, the bad, the ugly
AU - Hilario, Eric
AU - Azam, Sami
AU - Sundaram, Jawahar
AU - Imran Mohammed, Khwaja
AU - Shanmugam, Bharanidharan
N1 - Publisher Copyright:
© The Author(s) 2024.
PY - 2024/6
Y1 - 2024/6
N2 - This paper examines the role of Generative AI (GenAI) and Large Language Models (LLMs) in penetration testing, exploring the benefits, challenges, and risks associated with cyber security applications. Through the use of generative artificial intelligence, penetration testing becomes more creative, test environments are customised, and continuous learning and adaptation are achieved. We examined how GenAI (ChatGPT 3.5) helps penetration testers with options and suggestions during the five stages of penetration testing. The effectiveness of the GenAI tool was tested using a publicly available vulnerable machine from VulnHub. It was amazing how quickly they responded at each stage and provided a better pentesting report. In this article, we discuss potential risks, unintended consequences, and uncontrolled AI development associated with pentesting.
AB - This paper examines the role of Generative AI (GenAI) and Large Language Models (LLMs) in penetration testing, exploring the benefits, challenges, and risks associated with cyber security applications. Through the use of generative artificial intelligence, penetration testing becomes more creative, test environments are customised, and continuous learning and adaptation are achieved. We examined how GenAI (ChatGPT 3.5) helps penetration testers with options and suggestions during the five stages of penetration testing. The effectiveness of the GenAI tool was tested using a publicly available vulnerable machine from VulnHub. It was amazing how quickly they responded at each stage and provided a better pentesting report. In this article, we discuss potential risks, unintended consequences, and uncontrolled AI development associated with pentesting.
KW - ChatGPT 3.5
KW - Cyber security
KW - Generative AI
KW - Large language models
KW - Penetration testing
UR - http://www.scopus.com/inward/record.url?scp=85187865624&partnerID=8YFLogxK
U2 - 10.1007/s10207-024-00835-x
DO - 10.1007/s10207-024-00835-x
M3 - Article
AN - SCOPUS:85187865624
SN - 1615-5262
VL - 23
SP - 2075
EP - 2097
JO - International Journal of Information Security
JF - International Journal of Information Security
IS - 3
ER -