ChatGPT-3 Security Labs

AI is currently a topic that is being addressed in most industries. This is no exception, especially for cybersecurity. Advantages could be realized, for example, in the automation of security analysis and thus in the relief of analysts. As is often the case, there are disadvantages here too. The use of AI makes it possible for a wide audience to achieve rapid success without in-depth knowledge.

The aim of the work is to research the effects of AI on cybersecurity. For this purpose, both the Blue Team side and the Red Team side are explored. Ultimately, the aim is to create labs that students can use to work on.

The topics were selected using a decision matrix with weights based on various criteria. This is intended to address the most relevant topics. A Proof of Concept (PoC) was then carried out for each selected topic. Topics have developed in the categories of reverse engineering, exploiting, threat modelling, phishing and prompt engineering.

In our research, we focused on prompt engineering, a recognized area in AI where control over the AI's output is consciously managed. Our experimentation revealed that retraining the AI through prompt engineering was facilitated more effectively using the OpenAI API, which allows the provision of "system content" to influence the AI's behaviour. Utilizing DAN as system content in our Hacking Lab, we successfully conducted various experiments, making potentially malicious requests to the AI without encountering blocking mechanisms. Our results, illustrated in the evaluated labs, showcase the efficacy of prompt engineering in achieving desired outcomes.