ChatGPT and data security: what you need to know to effectively manage risk
expert of the Wroclaw University of Economics and Business
Artificial intelligence is becoming the buzzword of today's information society. People see a lot of usefulness in it for themselves. However, few consider what artificial intelligence actually is and what its effects are or could be.
Artificial intelligence is built on data, which gains its dimension when meaningful context is added. In the context of AI, one can speak of generativity, that is, augmenting data with random or algorithm-created data whose counterparts are difficult to find in the real world. Such uncontrolled generation of data, and consequently of knowledge, can be detrimental to the user and to the potential recipient of the content.

Already today, one should be very critical of solutions that use artificial intelligence, including chatbots such as ChatGPT. All the more so as the creation of various types of malware becomes extremely easy for those using these tools. Until now, hacking into information systems or stealing data from those systems was reserved for those with adequate knowledge of information technology, especially programming. Chatbots can handle such activities perfectly well. Here are two basic use cases:
- Data theft – the chatbot can be given conditions as to what data can be stolen from certain information systems. The chatbot will automatically generate the appropriate program code to perform such data theft. All this is accomplished through commands expressed in natural language.
- Malicious data encryption – a chatbot can be told in natural language how such an algorithm should be created. The chatbot's knowledge will allow it to create such a malicious solution and implement it in the IT environment accordingly. With malware written by a person, the author could demand a ransom to decrypt the data. A chatbot would create such malware as well, but decrypting the data would then be virtually impossible.
The problem of uncontrolled data generation, phishing attempts and the lack of control over the sharing of sensitive data by an unaware user is becoming a security bottleneck nowadays, especially for public benefit institutions and businesses.
There is a risk that some confidential information may be disclosed by chatbots if proper data security precautions are not taken. ChatGPT and similar generators can make interpretation errors or fail to understand the context (hallucinate), especially when it comes to more complex or specialized issues, which can lead to misinformation being given to customers or business users. If a chatbot is not properly trained or does not provide satisfactory answers, it can lead to dissatisfied customers and a deteriorated company image.
There is also a risk that chatbots could be used to manipulate or spread misinformation, which could damage a company’s reputation. Similarly, incorrect or unsafe advice from AI generators can lead to problems and legal consequences for institutions.
Conflict at OpenAI
The importance of the above is reinforced by the recent reshuffle of OpenAI’s board of directors, one of the reasons for which was concerns about the direction of AI technology.
On November 17, 2023, OpenAI's board of directors fired CEO Sam Altman, who was in charge of leading the artificial intelligence research team. With Sam Altman's departure, several leading employees also left the company, including three Poles (Prof. Aleksander Mądry, Jakub Pachocki and Szymon Sidor). In addition to those mentioned, more than 500 employees out of a workforce of about 700 threatened to leave OpenAI in a gesture of solidarity.
The reasons for Sam Altman's dismissal are currently quite enigmatic. Officially, the board gave as the reason: “Mr. Altman’s departure follows a deliberate evaluation process by the board, which concluded that he was not consistently sincere in his communications (he negotiated in bad faith with the company’s management).” According to the New York Times, however, the board was concerned about artificial intelligence being developed too quickly. AI was said to pose some risk, and Altman was said to have paid insufficient attention to the potential harm regarding the safety of AI development.
On November 22, 2023, Altman was reinstated, and OpenAI will also face changes in its board of directors. This does not change the fact that the situation has shaken the market, perhaps presenting OpenAI as a colossus with feet of clay.
The cases described above should prompt a more critical approach to chatbots and to the development of this technology. Educating the public about the capabilities of artificial intelligence and building a culture of safety should be the basis for the safe use of achievements such as chatbots of all kinds, including ChatGPT.
Roadmap for institutions: ChatGPT and data protection
- Encryption of communications: Ensure that any communications sent via chat are end-to-end encrypted to protect data from unauthorized access.
- Authorization of users: Introduce an authorization system that identifies and confirms the identity of each user using the chat to avoid unauthorized access.
- Determining access levels: Assign appropriate levels of access to various chat functions depending on the employee’s role, limiting access to data to only the minimum necessary.
- Chat auditing: Conduct regular chat audits to monitor activity, identify possible data protection violations, and track communication history.
- Secure passwords: Enforce strong passwords for chat accounts, and encourage employees to change passwords regularly to increase the security of user accounts.
- File and attachment restrictions: Set restrictions on the type, size and format of files that can be sent via chat to minimize the risk of malware attacks.
- Data protection training: Hold regular training sessions for employees on data protection principles, including specific risks associated with chat use.
- Automatic data deletion: Introduce a policy to automatically delete older chat messages, especially those containing sensitive information, to reduce the risk of data loss.
- Ensure compliance with data protection regulations: Ensure that all chat features comply with applicable data protection laws, such as the GDPR (RODO) or other local regulations.
- Incident response: Develop a plan for responding to data security incidents in the context of chat, including procedures for reporting, tracking, and eliminating potential breaches.



