CSI Talk #20

Fredrik Heiding

AI programs, built using large language models, make it possible to automatically create phishing emails based on a few data points about a user. They stand in contrast to traditional phishing emails that hackers manually design using general rules gleaned from experience. The V-Triad is an advanced set of rules for manually designing phishing emails to exploit our cognitive heuristics and biases. In this study, we compare the performance of phishing emails created automatically by GPT-4 and manually using the V-Triad. We also combine GPT-4 with the V-Triad to assess their combined potential.

Speaker Bio:
Fredrik Heiding is a research fellow in computer science at Harvard John A. Paulson School of Engineering and Applied Sciences. His research focuses on how Artificial Intelligence can improve and automate cyberattacks, and how protect against these AI-enhanced cyber threats. Fredrik is a memer of the World Economic Forum’s Center for Cybersecurity, where he contributes with knowledge of AI-enhanced phishing and IoT hacking. He is a teaching assistant to the generative AI for business leaders course at Harvard Business School, and a member of Harvard’s AI Student Safety Team.