ChatGPT is revolutionizing the world of shadow IT, introducing new risks that organizations never anticipated. To fully leverage its speed and performance, IT and cybersecurity leaders must address the security implications. Recently, OpenAI reported that over 80% of Fortune 500 companies’ employees and departments are adopting ChatGPT, with enterprise workers experiencing a 40% performance boost according to a Harvard University study. MIT also found that ChatGPT enhances efficiency and reduces skill inequalities, allowing workers to accomplish more in less time. However, the greatest risk lies in accidental sharing of sensitive data with large language models (LLMs). Many employees are using ChatGPT without disclosing its purpose to their bosses, which raises concerns about sharing intellectual property, confidential pricing, financial analysis, and HR data. The memory of companies like Samsung accidentally divulging confidential information is still fresh in the minds of security and senior management leaders.
Organizations recognize the urgency to tackle this issue and are turning to generative AI-based approaches to address the security challenge. One of the strategies gaining interest is generative AI isolation, along with comparable technologies, to keep confidential data away from ChatGPT, Bard, and other generative AI sites. Businesses aim to balance the competitive advantages, such as efficiency, speed, and process improvement, that ChatGPT offers with a solid risk reduction strategy.
Education and Setting Expectations
Alex Philips, the CIO at National Oilwell Varco (NOV), has been actively educating his company’s board on the benefits and risks of ChatGPT and generative AI. He regularly provides updates to the board on the current state of the technology and advises on how to maximize value while minimizing risk. This ongoing education process helps establish expectations and ensures that incidents like Samsung’s leaks are avoided.
Emerging Technologies for Securing ChatGPT
Several new technologies are emerging to address the challenge of securing ChatGPT sessions while maintaining speed. Companies like Cisco, Ericom Security by Cradlepoint, Menlo Security, Nightfall AI, Wiz, and Zscaler offer solutions aimed at protecting confidential data. Each provider takes a unique approach to prevent data sharing. The most notable solutions gaining traction are Ericom Security by Cradlepoint’s Generative AI Isolation and Nightfall for ChatGPT. Cradlepoint’s approach uses a clientless virtual browser in their cloud platform to ensure data loss protection and enforce access policy controls. This setup prevents personally identifiable information (PII) and sensitive data from being shared. Nightfall AI provides multiple solutions, including browser-based redaction for ChatGPT, an API to detect and redact data used in training large language models, and integration with popular SaaS applications to prevent data exposure. These solutions have proven effective in protecting sensitive data across generative AI systems in the public domain.
Banning ChatGPT and similar generative AI chatbots has shown to have the opposite effect, fueling the use of shadow AI and posing greater challenges in data protection. Instead, a knowledge-based approach, where organizations pilot and implement gen AI-based systems, can eliminate risks at the browser level. Solutions like Ericom’s secure cloud architecture provide scalability and enable large enterprises to protect their employees from accidental data sharing. To turn the rapid pace of gen AI innovation into a competitive advantage, IT and security teams must stay updated on the latest technologies and techniques for safeguarding confidential data. By understanding the available options and their evolution, businesses can stay competitive in this knowledge-based era.
“Generative AI websites provide unparalleled productivity enhancements, but organizations must be proactive in addressing the associated risks.” – Gerry Grealish, Vice President of Marketing, Ericom Cybersecurity Unit of Cradlepoint
