Calculating CVSS Scores with ChatGPT
Everybody appears to be set to use ChatGPT for evil. After all, what is the fun in making the world a better place if, instead, you can make fun of a poor large language model whose developers only hinted at what it could mean to be good?
Having not given up on machines finally taking over to beat the "humane" into "humanity," I recently looked at some ways to use ChatGPT more defensively.
An issue I have been struggling with is vendors like Apple providing very terse and unstructured vulnerability summaries. You may have seen my attempt to create a more structured version of them and to assign severities to these vulnerabilities. Given that there are often dozens of vulnerabilities, and given the limitations of my human form, the severity I assign is more of a "best guess." So I figured I would try to automate this with ChatGPT, and the initial results are not bad.
For example, let's take the last Apple vulnerability, CVE-2023-28206. This was an already exploited ("0-Day") privilege escalation vulnerability.
ChatGPT delivers the following analysis:
Given the limited information, I think the score of 8.8 and the accompanying analysis aren't bad. Personally, I would probably have rated it a bit lower. There is no network access here (I think). But it is "close enough".
I will probably add this to my Apple vulnerability parser and use this the next time Apple releases an update :)
---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu