skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition
Study Examines Information Security Awareness of Large Language Models

Study Examines Information Security Awareness of Large Language Models

/ 3 min read

stories , information security , artificial intelligence , social engineering , large language models , cybersecurity awareness

Quick take - A study by researchers from Ben-Gurion University of the Negev examines the information security awareness of large language models, revealing that while these models can provide security advice, their effectiveness varies significantly and may unintentionally promote unsafe behaviors, highlighting the need for caution and improved prompt design in security contexts.

Fast Facts

  • A study from Ben-Gurion University examined the information security awareness (ISA) of large language models (LLMs), revealing gaps in their performance in security contexts.
  • Researchers developed 30 scenarios based on a mobile ISA taxonomy to assess LLMs, finding that their ISA is influenced by system prompts and temperature adjustments.
  • The study evaluated ten LLMs, including ChatGPT and Gemini, and found significant variations in ISA, suggesting that using multiple models may benefit users seeking security advice.
  • Findings indicate that LLMs may unintentionally promote unsafe behaviors and diminish users’ critical thinking, especially when security issues are not explicitly mentioned in queries.
  • The research highlights the need for caution in relying on LLMs for security advice and suggests that incorporating specific security instructions in prompts could improve their ISA.

Study on Information Security Awareness of Large Language Models

Overview of the Research

A recent study conducted by researchers from Ben-Gurion University of the Negev, Israel, has delved into the information security awareness (ISA) of large language models (LLMs). The authors of the study are Ofir Cohen, Gil Ari Agmon, Asaf Shabtai, and Rami Puzis, all affiliated with the Software and Information Systems Engineering department at the university.

The study focuses on the role of LLMs, which have become popular as assistants in various aspects of life. Despite efforts to align LLMs with social norms and ensure their safety, there is a notable gap in research on their performance in information security contexts. The study highlights that LLMs may unintentionally promote unsafe behaviors among users, largely due to their varying levels of ISA.

Methodology and Findings

To assess the ISA of LLMs, the researchers developed a comprehensive set of 30 scenarios based on a mobile ISA taxonomy. These scenarios address various areas such as application installation, virtual communication, and operating systems. The assessment revealed that the ISA of LLMs is somewhat influenced by temperature adjustments; however, it is significantly impacted by changes to system prompts.

The research evaluated ten different LLMs, including well-known models such as ChatGPT, Gemini, and Llama. An automated scoring method was employed to compare LLM-based judgments with human assessments. The findings demonstrated a substantial correlation between these two types of scoring, although there were considerable differences in overall ISA across the models. Each LLM exhibited distinct strengths and weaknesses in various security focus areas, suggesting that utilizing multiple LLMs could be advantageous for users seeking security advice.

Implications and Future Directions

The study underscores the potential threats posed by social engineering and points out that the rise of LLMs may diminish users’ critical thinking skills, rendering them more vulnerable to such attacks. The researchers identified that LLMs may offer unsafe advice when security issues are not explicitly mentioned in user queries, indicating a critical need for caution when relying on these models for security-related inquiries.

The methodology employed in the research involved formulating and validating scenarios with pilot models, with responses scored based on established criteria. The results suggest that incorporating specific security-related instructions into the system prompts of LLMs could enhance their ISA. Moving forward, the researchers aim to extend their assessment methods to additional domains, including cloud security and industrial control systems. Overall, this study contributes to the understanding of LLMs’ capabilities in providing cybersecurity support while raising significant concerns regarding their reliability in delivering safe and effective security advice.

Original Source: Read the Full Article Here

Check out what's latest

Study Reveals Vulnerabilities of LLMs to Bit-Flip Attacks
Study Reveals Vulnerabilities of LLMs to Bit-Flip Attacks
APT-K-47 Group Linked to Sophisticated Cyber Attack Campaign
APT-K-47 Group Linked to Sophisticated Cyber Attack Campaign
New Detection System for Advanced Persistent Threats Introduced
New Detection System for Advanced Persistent Threats Introduced