Companies are struggling to keep corporate secrets out of ChatGPT
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Shoshana Gordon/Axios
Employers are struggling to figure out how to fold ChatGPT into their workflows without risking the security of their corporate secrets, customer information and intellectual property.
The big picture: Engineers and programmers across many industries have found great utility in refining code or double-checking their work by running it through ChatGPT.
- However, there has not been a lot of transparency around the collection of that data, where it goes or how it could potentially be used.
Driving the news: Using ChatGPT in corporate settings is about to get a lot easier after Salesforce unveiled plans this week to integrate the large language model chatbot into Slack.
- Salesforce isn't alone. Several technology companies, including Snap, have been racing to integrate generative AI into their consumer-facing products and tools.
What's happening: Increasingly, employers are getting nervous about how employees might use ChatGPT at work.
- Walmart and Amazon have both reportedly warned employees not to share confidential information in the chatbot.
- An Amazon corporate lawyer told employees the company has already seen instances of ChatGPT responses that are similar to internal Amazon data, according to Insider.
- JPMorgan Chase & Co. and Verizon have reportedly blocked employee access to the online tool.
- Meanwhile, OpenAI changed its terms of service last week so its models no longer use user inputs by default to train amid growing concerns about privacy risks.
By the numbers: 2.3% of workers have put confidential company information into ChatGPT, according to a recent report from Cyberhaven.
- A Fishbowl survey last month found that nearly 70% of employees who are using ChatGPT at work haven't told their bosses about it.
The intrigue: Employees are finding ways to evade corporate network bans blocking access to ChatGPT, Cyberhaven CEO Howard Ting told Axios.
- Ting said some companies believed employees had no access to the chatbot before Cyberhaven told them otherwise. "Users can use a proxy to get around a lot of those network-based security tools," he said.
Between the lines: The first step companies need to take to mitigate the security risks is to get visibility into how employees are actually using ChatGPT, Ting said.
- Business leaders will also need to place controls on whatever generative AI tools they end up using to prevent them from sharing highly sensitive corporate data with employees who aren't cleared to see it, Arvind Jain, CEO of workplace search company Glean, told Axios.
Meanwhile, companies aren't planning to completely eradicate ChatGPT from their systems. Instead, some have started seeking out custom generative AI solutions that come with more controls than ChatGPT.
- Peter van der Putten, director of the AI lab at Pegasystems, told Axios his firm is developing several new features following consumer demand for specific generative AI tools to help them craft advertising copy and in other cases.
- "From a cybersecurity point of view, you have more control if it's a specific use case, and it's not a freeform prompt," van der Putten said.
Yes, but: Placing total control on how generative AI learns and grows from customer inputs is an impossible task, Jain said.
- "These generative models, they're a black box, and no human can actually explain the algorithms behind the scenes," Jain said "They're uncontrollable in some sense."
Sign up for Axios’ cybersecurity newsletter Codebook here.
