Like many other IT professionals, I've been playing with ChatGPT in the past months.
I've collected some great links you might appreciate, but before that, I'd like to criticize some of the criticism leveled against ChatGPT.
Misconceptions
ChatGPT and other AI-based tools are just tools. Many articles assert that ChatGPT is not "intelligent" or "full of bugs," but it's not a hidden truth:
ChatGPT is incredibly limited, but good enough at some things to create a misleading impression of greatness. it’s a mistake to be relying on it for anything important right now.
Source: Sam Altman, the CEO of OpenAI
The program itself constantly reminds you that you should be careful with the output, as it may contain false statements, bad implementations (e.g., code, scripts), and many other inaccuracies.
Some articles say AI-generated code is inherently bad and gives a false sense of security or performance, which is true in some cases but does not get things done.
If you take ChatGPT's answers at face value, you put yourself at risk, but we should acknowledge the technology is already impressive, and if you use the right prompt, you might go to the next level...
So, what is a "good" critique?
I found this post very insightful and balanced. The author explains why he thinks ChatGPT is not best suited for security review, as it's currently limited to 4096 tokens and will likely generate false positives and negatives.
Security often requires a high level of abstraction and, above all, contextualized analysis, while the app only provides static analysis on training data, for now.
Besides, OpenAI displays an explicit warning every time you connect to the interface:
don't use it for sensitive data
Data collected during security operations is usually confidential, so disclosing it to a third party without any agreement would be a pretty bad move!
7 links to get better results
There are more and more resources, but the vast majority of users do not master ChatGPT prompts.
The prompt is the initial text or input for ChatGPT. Depending on what you ask the AI, you can get very different results.
You must guide the model to get what you want. Otherwise, the answers might be very generic and unsatisfying for you.
Here are 7 links to go to the next level:
OpenAI Playground (with other AI tools and the ability to fine-tune parameters)
Understanding Chat-GPT, And Why It’s Even Bigger Than You Think
Wrap up
Step back and don't take ChatGPT's answers at face value, but don't forget to enjoy it.