The future of cyber attacks with Large Language Models

TNO and NCSC have conducted an exploration to identify how the impact of Large Language Models (LLMs), the underlying technology for tools such as ChatGPT, on the cyber threat landscape can be measured and monitored in the mid-term future (3 to 5 years from now). Using the Signposts of Change method from the intelligence world, several scenarios for future threats are explored, and for each scenario indicators are formulated that show whether it is becoming reality. For example, one can expect a change in the behavior of C2 traffic when exploitation is automated through LLMs. A distinction is made between evolutionary and revolutionary change of the threat landscape, to separate existing threats that are changing from fundamentally new threats due to LLMs. To ground this exploration in the actual capabilities of LLMs, an overview of the ability of LLMs to assist in cyber attack techniques (using the MITRE ATT&CK framework) was made based on a review of the LLM literature. This overview forms the basis for the scenarios mentioned above, and a similar method could be a starting point for a sector- or organization-specific analysis of the future impact of LLMs on cyber security.