Humans Still More Effective Than ChatGPT at Phishing
Human social engineers have been observed to perform better than artificial intelligence (AI) programs when trying to induce potential victims to click on malicious links.
The claims come from a new research paper by HoxHunt, which analyzed 53,127 emails sent to users in over 100 countries as part of its phishing training workflow.
The study, authored by HoxHunt co-founder and CTO, Pyry Avist, suggests that professional red teamers managed to induce a 4.2% click rate compared to the 2.9% achieved by ChatGPT, outperforming the AI by 44.8%.
“Interestingly, there is some geographical variance between user failure rates on human vs. AI-originated phishing simulations,” Avist wrote. “The greatest delta between the effectiveness of human vs. AI-generated phishing attacks was among the Swedish population. AI was most effective against US respondents.”
HoxHunt clarified the experiment was performed before the release of ChatGPT 4, which is set to bring substantial improvements to the model.
“Large language models like ChatGPT will likely rapidly evolve and improve at tricking people into clicking,” reads the study.
At the same time, Avist added that current human risk controls should remain relevant even as AI-augmented phishing tools evolve.
“The more time people spend in training, the less likely they’ll fall for an attack, human or AI. You don’t need to reconfigure your security training to address the potential misuse of ChatGPT.”
Potential measures to improve protection against such attacks include updating awareness training programs to inform employees about the emerging technologies and trends in phishing tactics, according to Tanium’s director of endpoint security research, Melissa Bischoping.
“While the recipient of a phish is often the first line of defense, it’s important that you’re also investing in layers of defense like email, DNS, network and endpoint security monitoring and response capabilities.”
The HoxHunt study comes weeks after a BlackBerry survey showed the majority of security leaders across North America, the UK and Australia expect ChatGPT to be at the heart of a successful cyber-attack by the end of the year.