Cato CTRL™ Threat Research: OpenAI’s ChatGPT Image Generator Enables Creation of Fake Passports 

The introduction of image generation in ChatGPT has made it easier for individuals to create fake documents, including identity cards and passports. This development has significant implications for cybercrime, allowing novice users to perpetrate fraud without specialized skills. Organizations must adapt their fraud detection strategies to address these new risks. Affected: identity documents, organizations, online services, financial services, medical services

Key points:

  • OpenAI launched ChatGPT-4o with image generation capabilities on March 25, later making it available for free on March 31.
  • Users can manipulate ChatGPT’s image generator to create fake receipts and forged documents.
  • The 2025 Cato CTRL Threat Report highlights a shift to “zero-knowledge threat actors” empowered by generative AI tools.
  • Previously, creating fake passports required technical skills; now, it can be done in minutes with AI.
  • Basic prompts can bypass ChatGPT’s restrictions to produce convincingly altered documents.
  • With no expertise required, anyone can generate fake identity documents, increasing fraud risks.
  • Zero-knowledge threat actors can execute various types of fraud such as account takeover and medical fraud.
  • AI’s evolving capabilities improve the realism of forged documents, making them harder to detect.
  • Organizations need to enhance fraud detection mechanisms beyond traditional methods to combat these new threats.
  • The increasing ease of fraud generation necessitates greater education and verification methods across industries.

MITRE Techniques:

  • Technique: Credential Dumping (T1003) – Attacker uses forged identity documents to impersonate individuals and gains unauthorized access.
  • Technique: Identity Fraud (T1071) – Creation of fake identity documents without prior expertise, enabling various forms of fraud.
  • Technique: Account Manipulation (T1098) – Usage of fake credentials to open bank accounts or manipulate online services under false identities.
  • Technique: Data Manipulation (T1565) – Altering documents, such as medical records or contracts, to execute fraud.
  • Technique: Credential Stuffing (T1070) – Employing forged documents to access and control victim accounts.

Indicators of Compromise:

  • No IoCs Found

Full Story: https://www.catonetworks.com/blog/cato-ctrl-chatgpt-image-generator-enables-creation-of-fake-passports/