SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
ChatGPT plugin detects attacks against ChatGPT-generated code
Tue, 18th Jul 2023

Checkmarx has announced its CheckAI Plugin for ChatGPT, the industry's first plugin to detect and prevent potential attacks against ChatGPT-generated code. 

The plugin enables developers and security teams to protect against attacks caused by malicious open source packages and dependencies while working within the ChatGPT interface.

"Nothing more perfectly represents the decision-making tension faced by CISOs than the existence of both significant opportunities and new vulnerabilities presented by open source and GenAI-generated code," says Sandeep Johri, CEO at Checkmarx. 

"Checkmarx has long been a pioneer in application security for enterprise customers and, with GenAI playing an increasing role in application development, we are pleased to provide the first solution to help protect against the new generation of attacks already emerging. 

"With CheckAI, CISOs can rest assured that the superior developer experience will ensure that AppSec standards are met while accelerating applications time-to-delivery."

With the CheckAI Plugin for ChatGPT in combination with Supply Chain Threat Intelligence from Checkmarx, CISOs and application security leaders can ensure that development teams take advantage of time-saving GenAI tools like ChatGPT while remaining aligned and compliant with AppSec standards.

Within a highly productive environment featuring a superior developer experience, development teams can readily:

  •        Scan their GPT-generated code for vulnerabilities within the ChatGPT interface
  •        Receive instant feedback on potential vulnerabilities or validation of open source packages
  •        Employ protection against malicious open source packages

Working within the ChatGPT interface, developers can seamlessly search GPT-generated code for open source vulnerabilities and malicious packages.

"We are already seeing new attacks against GenAI solutions, including AI hallucinations and prompt injections, and the OWASP Foundation has already published the first draft of the OWASP Top 10 list for LLMs," says Ori Bendet, VP of Product Management at Checkmarx.  

"We are very excited to be the first AppSec vendor to provide real solutions to protect against these new types of attacks and encourage all GenAI solution providers to partner with us as we continue to expose new ones."

In December of 2022, Checkmarx AppSec security researchers discovered a vulnerability in the OpenAI signup process that could have allowed unlimited credit on new accounts. The team reported the vulnerability to OpenAI, who rapidly worked to resolve it. 
The CheckAI Plugin for ChatGPT is available as part of the ChatGPT plugins beta, which is currently available to all ChatGPT Plus users and protects against malicious packages and open source dependencies. Additional use cases, such as prompt protection, IaC validations, API validation and more will be added as part of planned future releases.

CheckAI is powered by application security platform Checkmarx One,  together with Checkmarx Supply Chain Threat Intelligence for detecting malicious open source packages. Purpose-built for cloud-native application development, Checkmarx One is highly scalable and integrates seamlessly with developer tools and development environments of choice.