A New Threat for the AI Era

At this point in the booming Artificial Intelligence era, it seems fair to conclude that commercial Large Language Models (LLMs) are here to stay. Mainstream LLMs have shown themselves capable of aiding and improving productivity for individuals and enterprises alike, and the possibilities for future LLM capabilities and use-cases seem endless.

Unfortunately, however, the list of LLM beneficiaries isn’t limited to individuals and enterprises with good intentions. Threat actors have increasingly begun to utilize “black hat” LLMs like WormGPT, a malicious alternative to commercial LLMs widely marketed on cybercrime forums, to efficiently create and launch phishing, Business Email Compromise (BEC), and social engineering campaigns.

Much like its legitimate counterparts, WormGPT is designed to scale individual productivity – but it’s trained, in this case, without the safety guardrails that set crucial information boundaries for commercial LLMs. It’s particularly useful for more amateur threat actors; it raises the talent floor required to create convincing social engineering messages while reducing the skill required to launch attacks at scale.

In this article, we’ll explain what WormGPT is, discuss the strategies enterprises are employing to respond to WormGPT-drive attacks, and suggest an AI-powered threat detection solution for identifying and flagging AI-generated spam content on Email exchange servers.

What is WormGPT?

WormGPT is a malicious chatbot designed exclusively for cybercrime. It’s based on the GPT-J open-source language model, but it lacks the ethical restrictions and safety filters commercial LLMs employ to discourage illegal activities. Moreover, it’s trained on illicit data – including many different types of malware, for example – which greatly improves its utility as a one-stop resource for aspiring threat actors.

WormGPT was discovered in 2023, and cybersecurity analysts have been researching ways to identify and combat WormGPT-generated attacks ever since.

How Enterprises are Responding to WormGPT Attacks

There’s no way to prevent threat actors from using WormGPT – and that means it’s up to enterprises to implement adequate defense solutions.

Upgrading the email security stack

As always, mitigating a new threat starts with upgrading the security stack. An influx of AI-driven email scam campaigns from WormGPT means static, signature-based threat detection services aren’t going to cut it on their own. Enterprises are implementing stronger authentication, message provenance checks, and real-time communication anomaly detection to prevent phishing emails from ever reaching employee inboxes.

Fighting AI with AI

WormGPT enables threat actors to create large-scale scam campaigns with ease, and keeping up with that volume would be extremely difficult without the use of defensive AI. Some enterprise are deploying AI-powered tools capable to detecting content created by generative AI – such as linguistic patterns, unnatural intent, and other key indicators. The goal is to flag the subtle indicators which static filters or human cybersecurity analysts might miss and warn those entities when emails may contain insincere or malicious content.

Identity hardening and robust access controls

Sometimes, WormGPT-generated scam campaigns are too clever for any static or AI-powered email spam filter to detect. In those cases, identity policies and access controls need to be strong enough to act as a final line of defense for enterprise employees and systems. Multifactor authentication (MFA), conditional access policies, least-privilege access policies, and workflow verification checks are transitioning from “best practices” to “must-haves” in many enterprise environments.

Cloudmersive Email Threat Detection

Cloudmersive Email Threat Detection is a powerful, AI-driven Email security product with flexible deployment options to fit any sized enterprise. The Email Threat Detection API integrates directly with enterprise messaging servers (e.g., Exchange Online), investigating each new message for WormGPT- and human-generated spam content alike. All scanned emails are flagged based on the likelihood they contain spam content, equipping cybersecurity analysts and enterprise end-users with the information they need to avoid interacting with dangerous spam messages.

The Email Threat Detection API also incorporates 360-degree content protection via Cloudmersive’s Virus Scan API. This means the Email Threat Detection API scans email message containers and their file attachments for viruses, malware, executables, macros, and a wide range of additional zero-day threats. The Email Threat Detection API is designed as a one-stop-shop for all aspects of enterprise email protection.

For expert advice on protecting your enterprise against WormGPT threats, please do not hesitate to contact a member of our team.