While AI apps have the potential to improve our work, they can also significantly expose sensitive data to external vehicles of data loss and further put organizations at risk of data breaches and non-compliance. As Yihua Liao, head of Netskope AI Labs, recently pointed out, “by acknowledging and addressing these challenges, security teams can ensure that AI is used responsibly and effectively in the fight against cyber threats.” It all starts with visibility. Security teams must leverage automated tools that continuously monitor what applications (such as ChatGPT) corporate users attempt to access, how, when, from where, with what frequency etc. It is essential to understand the different levels of risk that each application poses to the organization and have the ability to granularly define access control policies in real-time based on categorizations and security conditions that may change over time.
Here are some specific examples of how sensitive data can be exposed to ChatGPT and other cloud-based AI apps:
- Text containing PII (personally identifiable information) can be copied and pasted in the chatbot to generate email ideas, responses to customer inquiries, personalized letters, check sentiment analysis.
- Health information can be typed in the chatbot to craft individualized treatment plans, and even medical imaging such as CT and MRI scans can be processed and enhanced thanks to AI.
- Proprietary source code can be uploaded by software developers for debugging, code completion, readability, and performance improvements.
- Files containing company secrets like earnings report drafts, mergers and acquisitions (M&A) documents, pre-release announcements and other confidential data can be uploaded for grammar and writing check.
- Financial information like corporate transactions, undisclosed operating revenue, credit card numbers, customers’ credit ratings, statements, and payment histories can leverage ChatGPT for financial planning, documents processing, customer onboarding, data synthesis, compliance, fraud detection etc.
Read full article here.