ChatGPT as a weapon for hackers

A wave of sophisticated new cyberattacks is coming. Conversations with a dozen security firms in Silicon Valley show: cybersecurity needs to be rethought from the ground up.

ChatGPT as a weapon for hackers
Image: AI-generated illustration

ChatGPT is a powerful tool. That applies to criminals too. A wave of new, highly sophisticated cyberattacks is coming – with consequences for private individuals, small businesses and large corporations alike. Conversations with a dozen security firms in Silicon Valley paint a clear picture.

What is at stake

An intern at a Düsseldorf company receives a WhatsApp from her boss – profile picture, contact details, everything checks out. The boss urgently needs Apple gift cards from the office. The intern does the right thing. She sends the codes. The money – 2,500 euros – is gone. Today this kind of scam is crude and often spotted. With generative AI, that changes overnight. “The emails from the alleged Nigerian prince are going to get a lot better,” warns Jeetu Patel, head of cybersecurity at Cisco.

Why AI shifts the game

Until recently, fraudulent messages were often identifiable by bad grammar, clumsy salutations or unusual sender addresses. With AI chatbots, attackers now write messages that are linguistically indistinguishable – personalised to the recipient, referencing last night’s LinkedIn post, the child’s recent football match, the local accent. Publicly available data becomes ammunition. What used to require professional hacker groups will soon be within reach of amateurs.

What cybersecurity is doing about it

The defending side is also rearming. Companies like Cisco, Palo Alto Networks and Sysdig are deploying AI to detect anomalies in networks faster, filter suspicious messages and analyse phishing patterns in real time. Security expert Bruce Schneier describes it as an arms race in which both sides use the same tools. The winner will be whoever deploys data and models faster and more precisely – not whoever writes better regulations.

What this means for Germany

German companies have been slow on cybersecurity for years. Small and medium-sized businesses are entry points for attackers because they cannot afford a dedicated security team. In the age of generative AI attacks, that is especially risky. Policy needs to move faster – with mandatory reporting, clear accountability, obligations around two-factor authentication and a serious public awareness campaign. The security experts in Silicon Valley agree: the next 24 months will be decisive.

I wrote the full analysis for Handelsblatt.

With cybersecurity expert Bruce Schneier. Photo: Stephan Scheuer

More on Artificial Intelligence

All stories