Offensive Security bans use of ChatGPT in cyber security certification exams


IT and cyber security organisation Offensive Security has banned ChatGPT in its certification exams.

The company becomes the second major IT organisation to ban the use of ChatGPT after Stack Overflow did the same, prohibiting chatbot-generated answers back in December.

In its Offensive Security Certified Professional (OSCP) exam guide, Offensive Security now lists chatbots such as ChatGPT and YouChat under its exam restrictions list. Other restrictions included on the list are spoofing, commercial tools or services, automatic exploitation tools, and mass vulnerability scanners.

“Any tools that perform similar functions as those above are also prohibited. You are ultimately responsible for knowing what features or external utilities any chosen tool is using,” the company stated on its website. “The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.”

The use of chatbots is also restricted in its other exams, including Offensive Security Web Expert (OSWE), Offensive Security Experienced Penetration Tester (OSEP), and Offensive Security Wireless Professional (OSWP). Although it’s unclear when these rules were added to the guides, all of them were updated five days ago.

IT Pro has asked Offensive Security - the team behind Kali Linux - why it has decided to ban the use of chatbots. However, it stated in its exam guide that it will not comment on allowed or restricted tools, other than what is already included in the guide.

Developed by OpenAI, ChatGPT has impressed IT professionals across the industry with its ability to generate sophisticated answers from text prompts provided by users.

Its power has been particularly evident in software development, where it can generate entire functions from programmer prompts, and cyber security professionals have shown it can also generate basic vulnerability exploit code.

Despite this, Stack Overflow's decision to ban the tool from its platform was made after it concluded that answers generated with it were too often erroneous. Stack Overflow moderators said this could be harmful to users who search for help with their problems.

“Because such answers are so easy to produce, a large number of people are posting a lot of answers,” said the moderators. “The volume of these answers (thousands) and the fact that the answers often require a detailed read by someone with at least some subject matter expertise in order to determine that the answer is actually bad has effectively swamped our volunteer-based quality curation infrastructure.”

Zach Marzouk
