OpenAI recently started allowing users to create their own custom chatbots called GPTs (Generative Pre-Trained Transformers). This has led cyber security professionals to create a multitude of unique AI-powered chatbots.
With no coding required, users can are able to harness the power of ChatGPT to create tailormade GPTs.
Hundreds of cyber security-specific GPTs have already been created, with thousands more surely on the way.
To help you figure out which GPTs are most useful to your cyber security journey, we’ll detail some of our favorite GPTs. We’ll show you how they are made, what these GPTs are capable of, as well as concerns and limitations.
What Are GPTs?
GPTs leverage the power of GPT-4 Turbo, enabling users to create custom AI bots.
OpenAI says creating a GPT is “as easy as starting a conversation.” This is because no coding is required to customize a GPT. Simply provide it with instructions, and it will do the rest. If you haven’t thought of the more granular ways you want your GPT to act, don’t worry. During the customization process, the GPT Builder will ask you questions to help refine your GPT.
To help organize and monetize your new GPTs, OpenAI will open the GPT store later this month. The store will create a leaderboard highlighting the most popular GPTs, allowing users to search for GPTs and creators to make money from their GPTs.
GPTs are only available to paying customers.
How Are GPTs Different?
Unlike ChatGPT, GPTs are hyperfocused chatbots whose information can be customized.
GPTs run on GPT-4 Turbo, which means they have access to all information found on the web up to April 22nd. However, GPTs aren’t limited to web-based datasets. GPTs allow creators to add their own information and files that can’t be found online. This information can then be prioritized above web-collected information.
In other words, you can provide your GPT with your expert knowledge base and have it refer to and respond with that information first. This can potentially make custom GPTs far more accurate on specific fields.
GPTS can also be customized by avoiding certain topics, answers, and information.
List of Cyber Security GPTs
There are hundreds of cyber security GPTs already available via ChatGPT. Due to the ease of creation, cyber security GPTs can be found in abundance and will continue to be created at a rapid pace.
Here is a list of our favorite cyber security GPTs that we have been created thus far.
Cyber Security Guidance/Career Development
Cyber Security Career Mentor gives you access to the best cyber security-related guidance and advice for those pursuing a career in cyber security. This GPT tailors its responses to those who are new to the field.
With so much career guidance on the web, knowing which information you should believe can be difficult. This GPT is created by Nathan House of StationX and, as such, provides you access to his years of experience in assisting both beginners to cyber security and industry professionals to meet and exceed their career goals.
Cyber Charli is designed to educate children between the ages of 8-12 about cyber security in a way they can easily understand and digest.
The GPT attempts to use storytelling and interactive games to better serve its intended audience.
Cyber Charli also advises parents on how they can best keep their children safe when using the Internet. This GPT was designed by a Dutchman and, as such, is available in both English and Dutch.
Cyber Mentor is a handy cyber security assistant that can help you learn about a range of topics from foundational to more advanced.
It provides explanations, tutorials, and insights to help students learn. It tailors its teaching approach to the user and often uses real-world examples and anecdotes to teach students. Just like a real-life mentor would, Cyber Mentor also encourages and offers support by way of constructive feedback and positive reinforcement.
Interviews for pentesting positions are notoriously difficult. Better prepare for your interview with the help of Pentester Interviewer.
This GPT works by asking users questions related to offensive security. After you’ve answered a question, the GPT will evaluate your response, offer feedback, and explain how your answer could be improved.
Coding
Betterscan.io AI Code Analyzer
Analyzes, reviews, and provides advice on how to improve code written in various languages. Betterscan can offer advice on coding best practices, identify bugs, and, of course, recognize potential security concerns. Simply upload your code and let Betterscan do the rest.
Via secure coding exercises based on the OWASP Top 10, users can practice identifying and fixing vulnerabilities found in their code.
Code Security is a hands-on GPT that provides users with vulnerable code. Users then analyze the code, are asked probing questions, identify vulnerabilities, and ultimately implement a solution.
Red Team
This GPT is a bilingual (English and Spanish) cyber security assistant specializing in penetration testing.
It’s programmed to provide in-depth guidance on a variety of cyber security information but specializes in ethical hacking. Unlike similar cyber security GPTs, this one uses a friendly and supportive tone when conversing with users. Another unique quality is its pentesting cheat sheet that provides quick references related to the task at hand.
HackTricksGPT provides advice on cyber security, ethical hacking, and digital protection. It draws most of its advice from the ‘HackTricks’ book series. These books drill down on various cyber security topics, but primarily teach ethical hacking.
Answers are tailored to an individual’s knowledge base. The more advanced a user’s knowledge base is, the more technical a response they will receive.
MagicUnprotect specializes in understanding and explaining malware evasion techniques. Learn all about evasion techniques such as anti-sandboxing, anti-bugging, process injection, obfuscation, anti-forensic methods, EDR evasion, and more.
MagicUnprotect also offers guidance on YARA, Sigma, and Capa rules creation and can identify obfuscation algorithms in malware and aid in the decoding of malware.
The creator of this GPT explicitly forbade the bot from being used to create or deploy malware.
Everyone loves pentesting; nobody likes the paperwork involved. Pentest Reporter makes the obligatory task of writing a pentest report easier by providing assistance when it comes to:
- Title
- Vulnerabilities identified
- CWE references
- Proposed CVSS score
- Remediation plans
While not designed to write the whole report for you, it aims to streamline the process of writing a comprehensive penetration report.
Blue Team
ATT&CK Mate aims to provide users with the latest tactics, techniques, and procedures (TTPs) listed under the MITRE ATT&CK Framework.
All responses are based on the ATT&CK Framework; however, it will also use related and vetted sources to help users better understand TTPS.
CVEs is designed to look up metadata about Common Vulnerabilities and Exposures (CVEs).
Use the CVE identifier to ask a question about a certain CVE. Data will then be retrieved and presented in a structured format that includes metadata, descriptions, affected products, impact assessments, solutions, and workarounds.
Stay up-to-date on the latest threat intelligence on Advanced Persistent Threats (APT) with Threat Intel Bot.
Threat Intel Bot gathers information from the following sources:
- Recent news
- Government reports
- Security bulletins
- MITRE ATT&CK Framework
- Updates from cyber security companies and intelligence firms
After searching the bot for cyber attacks that took place in October of 2023 it returned a number of attacks. This suggests its creator is feeding it new information from the sources listed above in order to keep it up to date.
Threat Modeling purposes to identify potential threats, vulnerabilities, and mitigation strategies.
Users can upload diagrams, and Threat Modelling will provide a comprehensive analysis from a threat modeling perspective.
To get the most out of this GPT you’ll want to provide a granular picture of your system, including architecture, data flow, components, and other pertinent information. You'll receive a list of potential threats based on the data you’ve fed the GPT. Mitigation strategies will then be provided based on the analysis of system weaknesses.
SOC
CyberGuard advises users on how best to set up, troubleshoot, and harden home and small enterprise networks.
CyberGuard’s intended user has very little IT and cyber security knowledge. It tries to take all the guesswork out of the equation by asking you to describe your obstacles in detail before providing solutions that even novices can understand and implement.
It can also remember previous answers from prior sessions to further customize interactions.
SOC Copilot is programmed to assist Security Operations Centre (SOC) analysts with all their cyber security needs related to SOC.
Some of its specialized functions include:
- IoC detection
- Identifies risk based on information provided to GPT
- Compliance guidance
- MITRE ATT&CK Stage Mapping
- Yara rule creation
Teaming up with SOC Copilot can streamline your SOC needs.
Miscellaneous
Everyone knows you’re not a real hacker until you have an AI-generated hacker-themed profile picture and background.
By answering a few prompts, Hacker Art can quickly create an AI-generated picture to use on your hacker-related accounts.
Created by the website Hacker News, this GPT summarizes the most compelling cyber security and IT-related stories featured on the Hacker News website. It offers weekly and daily summaries, discussions, and news based on a user’s input.
As this GPT is updated by Hacker News on a daily basis, its news is up-to-date.
What Are Cyber Security GPTs Capable Of?
Each cyber security GPT is customized with different capabilities in mind.
To give you a sense of just how capable a cyber security GPT is, let’s dive into the Cyber Security Career Mentor GPT.
As previously mentioned, this GPT is programmed to guide cyber security beginners and professionals through their cyber security careers.
To use the AI Cyber Security Career Mentor you can message the prompt or click on one of the recommended questions to get started.
Clicking the preset question, “What are the best cybersecurity certifications for beginners?” I’m provided with the following response:
The answer provides a list of six certifications that beginners can consider pursuing.
So how is this different than the results you might see if you use regular ChatGPT?
Typing the same question into ChatGPT you will receive the following response:
While there is some overlap in the response, there are a few stark differences.
For one, ChatGPT recommends that a beginner pursue the CISSP certification. CISSP is a great cyber security certification to have under your belt; however, it’s not meant for beginners. CISSP is designed for seasoned security practitioners and managers with years of experience already who want to showcase their mastery of a broad range of security techniques and principles.
ChatGPT also recommends that beginners attempt to take the Offensive Security Certified Professional certification (OSCP). This penetration testing certification is designed to test one’s ability to engage in real-world pentesting scenarios. This is an incredibly complex exam that requires test takers to hack into a series of vulnerable machines and capture flags within 24 hours.
The certification has been rebranded as “OffSec Certified Professional” (suggesting out-of-date information), and it is recommended that students attempting this challenge have foundational security knowledge and scripting familiarity already.
The juxtaposition between these two responses to the same question illustrates the importance of using a cyber security GPT such as Cyber Security Career Mentor for your cyber security-related questions and needs.
Concerns and Limitations of GPTs
While many will sing the praises of GPTs, there are still plenty of concerns and limitations that you should be aware of.
The most pressing is that even though GPTs run on GPT-4 Turbo the latest information you can access is from prior to April 22nd (unless you feed it your own information). This means GPTs may not have access to the most updated information on the topic it's designed to be an authority in.
Let’s also remember that GPTs can be customized. GPTs are only reliable as the data its creator allows it access to. Should a creator have an information bias or a preference for faulty information, the quality of the GPT will suffer as a consequence.
Lastly, never supply ChatGPT with sensitive or confidential information. This information will be saved by ChatGPT, which other users can then access at a later time. While OpenAI has measures in place to protect user data, data leakage is still a risk.
Conclusion
Cyber security GPTs are customized bots created to aid you in your cyber security needs. A range of bots have been programmed to help you with every cyber security-related need you might have.
GPTs are easy to create, meaning there is a low barrier to entry when it comes to GPT creation. Be leery about which GPTs you use, and be sure to vet the creator before putting too much stock in the responses you receive.
Cyber security GPTs are being created left and right. With new bots being created every day, it’s easy to let one slip through the cracks and go unnoticed. If you have a favorite cyber security GPT that you think should be on our list, comment below, and we’ll take a look.
ok, so where do I get started? Are there ChatGPT courses that you can recommend? Any courses that lean towards cybersecurity? Cost?