However, there are concerns that these models could be used for malicious attacks. Daniel Kang, one of the researchers, clarified that GPT-4 in chatbot mode is "insufficient for understanding LLM capabilities" and cannot hack anything on its own. When asked, ChatGPT stated that it is not capable of exploiting zero-day vulnerabilities and that its purpose is to provide information and assistance within ethical and legal boundaries.
Key takeaways:
- A team of researchers has used GPT-4 to autonomously hack known vulnerabilities and zero-day vulnerabilities using a Hierarchical Planning with Task-Specific Agents (HPTSA) method.
- The HPTSA method involves a 'planning agent' that oversees the process and launches multiple task-specific 'subagents', making it more effective at exploiting vulnerabilities (see the sketch after this list).
- When tested against 15 real-world, web-focused vulnerabilities, HPTSA was 550% more efficient than a single large language model (LLM) and successfully exploited 8 of the 15 zero-day vulnerabilities.
- There are concerns that these models could be used for malicious attacks; however, in chatbot mode, GPT-4 cannot hack anything on its own and operates within ethical and legal boundaries.
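To make the hierarchical structure concrete, here is a minimal Python sketch of a planning agent dispatching task-specific subagents. This is an illustration of the general pattern only, not the researchers' implementation: the `llm()` stub stands in for a GPT-4 API call, and all class and function names are assumptions made for this example.

```python
def llm(prompt: str) -> str:
    """Hypothetical stand-in for a GPT-4 API call."""
    return f"[model output for: {prompt[:50]}...]"


class SubAgent:
    """Task-specific agent, e.g. specialized in one vulnerability class."""

    def __init__(self, specialty: str):
        self.specialty = specialty

    def attempt(self, target: str) -> str:
        # Each subagent works from its own specialized prompt and tooling.
        return llm(f"As a {self.specialty} specialist, probe {target}.")


class PlanningAgent:
    """Oversees the process and launches task-specific subagents."""

    def __init__(self, subagents: dict[str, SubAgent]):
        self.subagents = subagents

    def run(self, target: str) -> dict[str, str]:
        # 1. Explore the target and decide which specialties to deploy.
        #    A real planner would parse the model's answer; this sketch
        #    simply deploys every registered specialty.
        plan = list(self.subagents)
        # 2. Dispatch one subagent per planned task and collect reports.
        return {s: self.subagents[s].attempt(target) for s in plan}


if __name__ == "__main__":
    planner = PlanningAgent(
        {s: SubAgent(s) for s in ("SQL injection", "XSS", "CSRF")}
    )
    for specialty, report in planner.run("http://example.test").items():
        print(specialty, "->", report)
```

The point of the split is that no single agent needs one prompt covering every attack class: the planner handles exploration and coordination, while each subagent stays narrowly focused, which is what the paper credits for the efficiency gain over a single LLM agent.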