Combating WormGPT: What You Need to Know

Discover the threat of WormGPT, a powerful blackhat form of generative AI for cybercriminals, and how it differs from ChatGPT.
July 25, 2023

In the age of artificial intelligence, email security is paramount. As technology continues to advance, so too does the threat of malicious applications and cyber attacks. One such threat is WormGPT—a powerful form of generative AI that has the potential to cause serious damage if left unchecked.

This article explores exactly what WormGPT is and how it works, highlights the differences between it and ChatGPT, discusses the serious threat posed by this technology, and provides insights into how you can maximize protection against WormGPT attacks. There is little denying that WormGPT is a serious threat, but with the right tools in hand, companies can ensure they stay secure from any potential threats.

What is WormGPT?

Like other generative AI tools, WormGPT is designed to learn from conversations and generate more realistic dialogue without the need for human guidance or intervention. This technology is already being utilized in various applications like ChatGPT and Google Bard. But what makes WormGPT so special?

At its core, WormGPT is based on deep learning algorithms and natural language processing (NLP). Deep learning algorithms allow the system to analyze data at a much deeper level than traditional machine learning algorithms and NLP enables the system to recognize different forms of language and interpret them accordingly. Through this combination of technologies, WormGPT can create complex conversational models which simulate human speech patterns. While its functionalities are very similar to other forms of generative AI, WormGPT lacks the safeguards and security checks put in place by ChatGPT or Google Bard. This makes it extremely easy for cybercriminals to create sophisticated malicious emails without setting off any red flags which is exactly why WormGPT was developed.

How Does WormGPT Work?

To understand how WormGPT works, it's important to look at the two key components of the model: the encoder block and the decoder block. The encoder block is designed to map input text into an internal representation within the model. It consists of several layers, each of which performs specific operations on words and phrases in the input text. These operations include:

  • Tokenizing words

  • Transforming them into numerical representations known as word embeddings

  • Creating sentence-level representations by combining individual word embeddings

The decoder block uses these same representations as well as an attention mechanism to generate output text. The attention mechanism connects the encoder and decoder blocks, allowing WormGPT to better understand relationships between words in both input and output texts. As the model generates output text from these internal representations, it can compare new inputs with previous outputs in order to make predictions about what comes next in a given conversation or query.

What Makes WormGPT Different from ChatGPT?

At a basic level, WormGPT is an open-source unsupervised learning system while ChatGPT is a closed-source supervised learning system. This means that WormGPT does not require human assistance in order to learn, while ChatGPT requires humans to provide feedback during its training process. This difference has implications for the scope of creativity available to each system; WormGPT can generate novel content that has never been seen before while ChatGPT is limited by the data it has already seen and cannot go beyond what it knows.

Another key distinction between these two systems relates to their data requirements; while ChatGPT relies on a corpus of text in order to generate responses, this is not necessary for WormGPT as it can learn from raw text data without any prior knowledge or context. As such, WormGPT can produce more realistic language than ChatGPT because it isn't restricted by pre-existing datasets or linguistic conventions. Additionally, whereas ChatGPT is trained on human conversations and designed to understand and respond to people, WormGPT does not need this kind of training and instead focuses solely on generating natural language from raw text data.

The Threat of WormGPT on Cybercrime

So why does this matter? While the rise of generative AI technology has presented a wide range of possibilities for companies and increased employee productivity, it also carries risk, as malicious actors can use it for bad. WormGPT is significant because it makes it much easier to create realistic attacks at scale—enabling cybercrime on a larger level.

The most common generative AI tools like ChatGPT, Google Bard, and Claude have explicit checks built in, in an attempt to prevent abuse and malicious use by threat actors. These tools work by sending users’ prompts to OpenAI, Google, and Anthropic, who then run the prompts through a series of checks in their models, before sending the output back to the user. That said, attackers can trick these checks fairly easily if they’re motivated.

For example, on ChatGPT a user could type in a request for an example of a phishing email for educational purposes and then use that example maliciously, as seen below:

Worm GPT1

Tools like WormGPT, on the other hand, use open-source models like LLAMA and GPTJ. Users run these models by downloading them to their own computers, which allows them to remove the check process entirely—they don’t need to be particularly savvy or do any work to trick the checks like they do with ChatGPT. This means there are no limits on the kind of content it could produce.

WormGPT's sophisticated artificial intelligence capabilities enable it to bypass security measures and impersonate legitimate users to access confidential data. This could potentially be used for identity theft or financial fraud. Moreover, WormGPT can generate large amounts of spam emails or text messages, disrupting communication networks and potentially damaging a company's reputation.

Example of How WormGPT Could Be Used for Cybercrime

WormGPT can be used to create a variety of different email attacks. Below is an example of a maliciously prompted business email compromise (BEC) attack:

Worm GPT2

In this example, the user provides WormGPT with specific information to help create a targeted email impersonating a CEO requesting payment for an invoice. As you can see, there are no spelling mistakes, and the grammar mirrors that of a real human (if not better).

Maximizing Protection: How You Can Stop WormGPT Attacks

If generative AI is so smart, how can these attacks be stopped? While generative AI makes it nearly impossible for the average employee to tell the difference between a legitimate email and a malicious one, there are tactics your organization can use to stop these attacks before they even reach the inbox. To protect against the ever-evolving threats posed by “bad AI” like WormGPT, companies must implement a modern solution that utilizes “good AI” to strengthen their email security.

AI-based detection systems like Abnormal use AI to understand the signals of known good behavior, creating a baseline for each user and each organization and then blocking the emails that deviate from that—whether they are written by AI or by humans. This allows your security team to spend less time filtering through employee emails and more time preventing the attacks before they reach the inbox.

In addition, companies can take other preventative security measures like staying abreast of the latest attack vectors, utilizing multi-factor authentication, and implementing access control measures. By following these best practices, businesses can maximize protection against malicious applications of this advanced form of generative AI technology.

Interested in learning more about generative AI in cybersecurity? Download our CISO Guide to Generative AI Attacks today!

Get Your Copy
Combating WormGPT: What You Need to Know

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22

Related Posts

B Maximize Cybersecurity Awareness Month
It’s the 20th anniversary of Cybersecurity Awareness Month! Make sure your workforce is prepared to combat emerging threats with these 5 tips.
Read More
B Health Care
Email attacks like BEC against the healthcare industry are on the rise in 2023. Protect yourself with sophisticated cloud-native email security.
Read More
B AI Series
Discover how Abnormal's advanced AI models are used to detect abnormalities in email behavior and protect organizations from the most sophisticated email attacks.
Read More
B Insights from Clemson University CISO
John Hoyt, CISO at Clemson University, shares his take on the unique cybersecurity challenges of higher education and how Abnormal Security can help.
Read More
B Nigerian Prince
Scams about the Nigerian Prince that promise millions have been around for decades. But they are transitioning, now using ChatGPT and similar tools to seem more convincing.
Read More
B 9 12 23 ATO
Learn why account takeovers are successful, how to detect and remediate them, and how to better protect yourself from cybercriminals in the future.
Read More