GitHub Copilot: A Threat to High School Security? Exploring GitHub Copilot's Proficiency in Generating Malware from Simple User Prompts

This paper examines the potential implications of script kiddies and novice programmers with malicious intent having access to GitHub Copilot, an artificial intelligence tool developed by GitHub and OpenAI. The study assesses how easily one can utilize this tool to generate various common types of malware ranging from ransomware to spyware, and attempts to quantify the functionality of the produced code. Results show that with a single user prompt, malicious software such as DoS programs, spyware, ransomware, trojans, and wiperware can be created with ease. Furthermore, uploading the generated executables to VirusTotal revealed an average of 7/72 security vendors flagging the programs as malicious. This study has shown that novice programmers and script kiddies with access to Copilot can readily create functioning malicious software with very little coding experience. This paper discusses how this could potentially lead to an increase in internal attacks on schools due to the average age demographic of the target group. However, if used correctly this technology could potentially help this same demographic gain the skills needed for ethical hacking practices utilized in the cybersecurity space.