


Researchers find much of the code generated by ChatGPT is insecure, but it won't tell you
News on April 23, the ChatGPT chatbot can generate a variety of text, including code, based on user input. However, four researchers from the University of Quebec in Canada found that the code generated by ChatGPT often has serious security problems, and it does not proactively alert users of these problems, and will only admit its mistakes when users ask.
The researchers introduced their findings in a paper. IT House reviewed the paper and found that they had ChatGPT generate 21 programs and scripts involving languages such as C, C, Python and Java. These programs and scripts are designed to demonstrate specific security vulnerabilities, such as memory corruption, denial of service, deserialization, and encryption implementation vulnerabilities. The results showed that only 5 out of 21 programs generated by ChatGPT were safe on the first try. After further prompting to correct its erroneous steps, the large language model managed to generate 7 more secure applications, although this was only "safe" with respect to the specific vulnerability being evaluated, not to say that the final code didn't have anything else that could be done. Exploited vulnerabilities.
Researchers pointed out that part of ChatGPT’s problem is that it does not take into account the adversarial code execution model. It will repeatedly tell users that security issues can be avoided by "not entering invalid data," but this is not feasible in the real world. However, it appears to be aware of and admit to critical vulnerabilities in its proposed code.
Raphaël Khoury, a professor of computer science and engineering at the University of Quebec and one of the paper's co-authors, told The Register: "Obviously, it's just an algorithm. It doesn't know anything, but it can identify insecure behavior." He said that initially ChatGPT's response to the security issue was to recommend only using valid input, which was clearly unreasonable. It only provides useful guidance when later asked to improve the problem.
Researchers believe that this behavior of ChatGPT is not ideal because users knowing what questions to ask require some knowledge of specific vulnerabilities and coding techniques.
The researchers also pointed out that there are ethical inconsistencies in ChatGPT. It will deny the creation of attacking code, but will create vulnerable code. They gave an example of a Java deserialization vulnerability, "The chatbot generated vulnerable code and provided suggestions on how to make it more secure, but said it could not create a more secure version of the code."
Khoury believes that ChatGPT is a risk in its current form, but that’s not to say there aren’t sensible ways to use this unstable, underperforming AI assistant. "We've seen students using this tool, and programmers are using this tool in real life," he said. "So having a tool that generates unsafe code is very dangerous. We need to make students aware that if the code is Generated with this type of tool, then it's probably unsafe." He also said that he was surprised that when they asked ChatGPT to generate code for the same task in different languages, sometimes for one language, It will generate secure code, and for another language, it will generate vulnerable code. "Because this language model is kind of like a black box, I don't really have a good explanation or theory for this. ”
The above is the detailed content of Researchers find much of the code generated by ChatGPT is insecure, but it won't tell you. For more information, please follow other related articles on the PHP Chinese website!

There were some very insightful perspectives in this speech—background information about engineering that showed us why artificial intelligence is so good at supporting people’s physical exercise. I will outline a core idea from each contributor’s perspective to demonstrate three design aspects that are an important part of our exploration of the application of artificial intelligence in sports. Edge devices and raw personal data This idea about artificial intelligence actually contains two components—one related to where we place large language models and the other is related to the differences between our human language and the language that our vital signs “express” when measured in real time. Alexander Amini knows a lot about running and tennis, but he still

Caterpillar's Chief Information Officer and Senior Vice President of IT, Jamie Engstrom, leads a global team of over 2,200 IT professionals across 28 countries. With 26 years at Caterpillar, including four and a half years in her current role, Engst

Google Photos' New Ultra HDR Tool: A Quick Guide Enhance your photos with Google Photos' new Ultra HDR tool, transforming standard images into vibrant, high-dynamic-range masterpieces. Ideal for social media, this tool boosts the impact of any photo,

Introduction Transaction Control Language (TCL) commands are essential in SQL for managing changes made by Data Manipulation Language (DML) statements. These commands allow database administrators and users to control transaction processes, thereby

Harness the power of ChatGPT to create personalized AI assistants! This tutorial shows you how to build your own custom GPTs in five simple steps, even without coding skills. Key Features of Custom GPTs: Create personalized AI models for specific t

Introduction Method overloading and overriding are core object-oriented programming (OOP) concepts crucial for writing flexible and efficient code, particularly in data-intensive fields like data science and AI. While similar in name, their mechanis

Introduction Efficient database management hinges on skillful transaction handling. Structured Query Language (SQL) provides powerful tools for this, offering commands to maintain data integrity and consistency. COMMIT and ROLLBACK are central to t

Python GUI Development Simplified with PySimpleGUI Developing user-friendly graphical interfaces (GUIs) in Python can be challenging. However, PySimpleGUI offers a streamlined and accessible solution. This article explores PySimpleGUI's core functio


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

SublimeText3 English version
Recommended: Win version, supports code prompts!

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

SublimeText3 Mac version
God-level code editing software (SublimeText3)

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Atom editor mac version download
The most popular open source editor