Anyone Can Make A Bot with GenAI: Here’s How
Kerry Coppinger
Cyber Risks & Threats | July 27, 2023
If you’ve been an active internet user at some point over the past decade, you’ve likely heard the terms ‘bot’ and ‘fake user’ thrown around from time to time. Maybe you’ve even noticed an unexplainable spike in traffic to your company’s website or seen some suspicious accounts commenting on your social feed, or maybe you’ve even been the victim of a cyber attack.
But while we all understand what a bot is in theory, these often malicious automation tools can sometimes seem like a mystery to the average person. Many of us can’t seem to understand who is creating these bots, what purpose they serve, and where they come from. Until recently, it has seemed like a black box of information that only elite cyber hackers have access to.
However, with the introduction of Generative AI, these former trade secrets have become democratized.
Widely used, free AI tools have been introduced at mass scale over the past year, and everyday people have found ways to get these tools to do the work of a coder for them. Recently, I kept hearing stories about how non-technical users have been able to create and deploy malicious scrapers and crawlers with just a few clicks.
As someone who likes to see things before I believe them, I decided to conduct an experiment to see just how easy it would be for a malicious user to create and deploy a bot on another website using Gen-AI.
After a few attempts and some trial and error, I – a brand marketer with zero Python experience – was able to create and use a scraper in less than an hour.
Here’s how I did it:
1) First, I made sure I had a Python environment open on my computer (I used a free trial of the app PyCharm), as well as ChatGPT.
2) I prompted ChatGPT to create a simple crawler with the following language:
3) ChatGPT then instantly sent me code that I dropped into PyCharm (the ‘pip’ section was entered in the ‘terminal’ section of PyCharm, and the ‘python’ section was entered as a ‘Python File’):
4) I clicked “run” in PyCharm, and received an error message, which I then prompted ChatGPT to fix:
5) I followed the instructions outlined by ChatGPT, and then clicked to run the script again in PyCharm. It worked seamlessly this time and granted me the following output:
So what does this mean for the future of on-site security?
While the scraper that I created was innocuous and virtually harmless, the ease with which I was able to make and deploy it raises some concern. I also believe that since this was my first time attempting such a task, it would only become easier with time. Therefore, as Gen-AI becomes more advanced and widely used each day, it is reasonable for companies to be wary of the potential implications this has on their website security.
The democratization of bots will potentially cause an increase in cyber threats and fake traffic. Today, businesses make pivotal decisions based on website data, and if that data is polluted by bot traffic and fake users, it could be detrimental to the company’s livelihood. It is arguably more important than ever for organizations to improve their security posture and consider solutions for protecting all aspects of their website – from content to lead generation forms to product pages and everything in between. Generative AI moves fast, but companies that are aware of its potential risks can move even faster to protect themselves.
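One way a site owner could look for this kind of unmodified script in web server access logs, as an added example that is not part of the original post. It assumes the combined log format and that the script keeps its HTTP library's default User-Agent; the function name, patterns, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Default User-Agent prefixes of common HTTP libraries and tools
LIBRARY_UA = re.compile(r'^(python-requests|python-urllib|curl|wget|scrapy|go-http-client)', re.I)
# Static assets that a real browser loads alongside each page
ASSET = re.compile(r'\.(css|js|png|jpe?g|gif|svg|ico|woff2?)(\?|$)', re.I)
MIN_PAGES = 5  # assumed threshold; tune against your own traffic

def flag_scripted_clients(log_text):
    """Return {ip: [reasons]} for clients that behave like simple scripts."""
    pages, assets, agents = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip = m["ip"]
        agents[ip].add(m["ua"])
        if ASSET.search(m["path"]):
            assets[ip] += 1
        else:
            pages[ip] += 1
    flagged = {}
    for ip in agents:
        reasons = []
        if any(LIBRARY_UA.match(ua) for ua in agents[ip]):
            reasons.append("default HTTP-library User-Agent")
        # A browser-like User-Agent that never loads CSS/JS/images is still suspicious
        if pages[ip] >= MIN_PAGES and assets[ip] == 0:
            reasons.append("fetched %d pages, no static assets" % pages[ip])
        if reasons:
            flagged[ip] = reasons
    return flagged

def make_line(ip, path, ua):
    return '%s - - [27/Jul/2023:10:00:00 +0000] "GET %s HTTP/1.1" 200 512 "-" "%s"' % (ip, path, ua)

# Constructed sample traffic (documentation IP ranges), not real log data
BROWSER = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/115.0 Safari/537.36"
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.7", "/page/%d" % i, "python-requests/2.31.0") for i in range(5)]
    + [make_line("198.51.100.4", p, BROWSER) for p in ("/", "/static/site.css", "/static/app.js", "/pricing")]
    + [make_line("192.0.2.9", "/product/%d" % i, BROWSER) for i in range(6)]
)

if __name__ == "__main__":
    print(flag_scripted_clients(SAMPLE_LOG))
```

Both signals produce false positives (legitimate API clients, uptime monitors) and miss automation that drives a real browser, so treat the output as a list of clients to review rather than a block list.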