The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 


Is ChatGPT A New Security Threat?

image credit: (c) Sasun043420252 |
Julian Jackson's picture
Staff Writer, Energy Central, BrightGreen PR

Julian Jackson is a writer whose interests encompass business and technology, cryptocurrencies, energy and the environment, as well as photography and film. His portfolio is here:...

  • Member since 2020
  • 534 items added with 199,610 views
  • Mar 16, 2023

Utilities face many evolving security threats. Is the AI-driven chat bot ChatGPT one of them? A recent test of AI created “phishing” emails seemed to show that humans are better at suckering humans than AIs currently, although this may change...

Cybersecurity training company Hoxhunt compared phishing campaigns generated by ChatGPT against those created by people to determine which stood a better chance of deceiving an unsuspecting victim. They state that 90% of data breaches start with phishing.

To conduct this experiment, the company sent 53,127 users in 100 countries phishing simulations designed either by human social engineers or by ChatGPT. The phishing simulation was sent to users in their inboxes in the same way as they would receive any type of email. The test was set up to elicit three possible responses:

Success: The user reports the phishing simulation as dangerous via the Hoxhunt threat reporting button.

Miss: The user doesn’t interact with the phishing simulation at all.

Failure: The user takes the bait and clicks on the malignant link in the email; (of course, this is a simulation, so nothing dangerous happens).


The results of the phishing simulation created by Hoxhunt

In the end, human-generated phishing mails suckered more victims than any created by ChatGPT. The rate that users fell for the human-generated messages was 4.2%, while the rate for the AI-generated ones was lower, at 2.9%. That means bad human actors outperformed ChatGPT by about 69%.

The learning element of the study showed that security training is effective at reducing the users vulnerability to phishing attacks. Staff with a greater awareness of cybersecurity were less likely to fall for these phishing emails, whether they were generated by AI or humans. The percentage of users who clicked on the malignant link dropped from over 14% among the lowest-trained individuals, to 2-4% for those with greater cybersecurity training.



No discussions yet. Start a discussion below.

Julian Jackson's picture
Thank Julian for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »