Ask Jack: Beyond Writing Malware, What Other Risks Does AI Present For Internet Security?

By Jack McCalmon, The McCalmon Group, Inc.

I just read that artificial intelligence was able to write some pretty nasty malware. Oh boy, what else can we "look forward" to?


First, you are right. AI is writing malware, and while early reviews found that ChatGPT-written malware was not very sophisticated, other experts are drawing a different conclusion.

Often overlooked is how well AI will be able to uncover credentials. If AI can assimilate public information fast enough to write a paragraph in Ancient Greek on Egyptian demi-gods in seconds, imagine what it could do if it were able to scour your hard drives to guess your credentials.

According to one source:

About 50% of frequently used passwords may be cracked by AI in less than a minute, according to a recent study by Home Security Heroes. An AI password cracker called PassGAN was used in the study to test a collection of 15,680,000 passwords, and the results showed that 66% of passwords could be cracked in under an hour and about 51% of typical passwords could be cracked in under a minute. In addition, the survey found that 81% of passwords could be cracked within a month.

The good news is that if your password is over 18 characters, then AI has a more difficult time cracking the code. The bad news is it is difficult to try to remember an 18-random-character password.

The final takeaway is that AI may finally push us to biometric credentialing. It should also be noted that, like other useful things, although AI can be used for evil, it also can be used for good; specifically, to help improve security and spot attacks more quickly and effectively.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years of combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.

