Offensive Security bans use of ChatGPT in cyber security certification exams
It becomes the second major IT organisation to ban the use of the powerful tool that's taken the industry by storm
IT and cyber security organisation Offensive Security has banned ChatGPT in its certification exams.
The company becomes the second major IT organisation to ban the use of ChatGPT after Stack Overflow did the same, prohibiting chatbot-generated answers back in December.
In its Offensive Security Certified Professional (OSCP) exam guide, Offensive Security now lists chatbots such as ChatGPT and YouChat under its exam restrictions list. Other restrictions included on the list are spoofing, commercial tools or services, automatic exploitation tools, and mass vulnerability scanners.
“Any tools that perform similar functions as those above are also prohibited. You are ultimately responsible for knowing what features or external utilities any chosen tool is using,” the company stated on its website. “The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.”
The use of chatbots is also restricted from its other exams, including Offensive Security Web Expert (OSWE), Offensive Security Experienced Penetration Tester (OSEP), and Offensive Security Wireless Professional (OSWP). Although it’s unclear when these rules were added to the guides, all of them were updated five days ago.
IT Pro has asked Offensive Security - the team behind Kali Linux - why it has decided to ban the use of chatbots. However, it stated in its exam guide that it will not comment on allowed or restricted tools, other than what is already included in the guide.
Developed by OpenAI, ChatGPT has impressed IT professionals across the industry with its ability to generate sophisticated answers from text prompts provided by users.
Its power has been particularly evident in software development applications, being able to generate entire functions based on programmer prompts, and cyber security professionals have shown it can also generate basic vulnerability exploit code.
Despite this, Stack Overflow's decision to ban the tool from its platform was made after it concluded that answers generated using it were often too erroneous. Stack Overflow moderators said this could be harmful to users who search for help with their problems.
“Because such answers are so easy to produce, a large number of people are posting a lot of answers,” said the moderators. “The volume of these answers (thousands) and the fact that the answers often require a detailed read by someone with at least some subject matter expertise in order to determine that the answer is actually bad has effectively swamped our volunteer-based quality curation infrastructure.”
What 2023 will mean for the industry
What do most IT decision makers really think will be the important trends and challenges in the coming year?Free Download
2022 Magic quadrant for Security Information and Event Management (SIEM)
SIEM is evolving into a security platform with multiple features and deployment modelsFree Download
IDC MarketScape: Worldwide unified endpoint management services
2022 vendor assessmentFree Download
Magic quadrant for application performance monitoring and observability
Enabling continuous updating of diverse & dynamic application environmentsView Now