ChatGPT: Risks of professional use

Kaspersky_news

Share post

Many Germans use ChatGPT in their everyday professional lives. This can jeopardize the security of sensitive data.

According to a representative survey, almost half (46 percent) of working people in Germany use ChatGPT in their everyday work. The popularity of generative AI services and Large Language Models (LLM) poses the question to companies of the extent to which they can trust language models with sensitive company data.

Kaspersky experts have identified these data protection risks of professional ChatGPT use:

  1. Data leak or hack on the part of the provider: Although LLM-based chatbots are operated by large tech companies, they are not immune to hacking attacks or accidental data leaks. There has already been an incident in which ChatGPT users were able to see entries from other users' message history.
  2. Data leakage through chatbots: In theory, the chats can be used to train new chatbot models. Users should keep in mind that LLMs are vulnerable to “accidental storage”; that is, they can remember unique sequences such as cell phone numbers, which do not improve model quality but endanger privacy. All data that users enter into the training corpus can be accessed consciously or unintentionally by users of the same language model.
  3. Account hacking: Attackers can use phishing attacks or credential stuffing to break into employee accounts and access third-party data. In addition, Kaspersky Digital Footprint Intelligence [3] regularly finds Darknet posts offering chatbot accounts for sale.

The terms of use for collecting, storing and processing data with AI tools are more geared towards protection in the B2B sector than in the B2C sector. The B2B solutions usually do not store chat histories and in some cases no data is sent to the company server because the chatbot operates locally in the customer network.

Protection of confidential data

“The risk of sensitive data loss is highest when employees use personal accounts at work. Companies should therefore focus on making employees aware of the risks of using chatbots. On the one hand, they must understand which data is confidential, personal, or represents a trade secret and may not be forwarded to chatbots. On the other hand, companies should set clear rules for the use of these services, if they are allowed at all,” comments Anna Larkina, security and privacy expert at Kaspersky.

More at Kaspersky.de

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


Matching articles on the topic

RAG development in just a few minutes

Playground is the new, low-code user interface from Elastic, the Search AI Company. It enables developers to use Elasticsearch to build ➡ Read more

Mass attacks against edge services

The cyber threat landscape in 2023 and 2024 will be dominated by mass attacks. A previous report on the professionalization of cybercrime ➡ Read more

Ransomware attacks 2023: Over 50 new families and variants

Ransomware attacks are a major and expensive problem for companies. In the last year, attacks have increased significantly, as the study ➡ Read more

TÜV Rheinland falls victim to cyber attack

Cyber ​​attack: According to a report, the company's subsidiary, TÜV Rheinland Akademie GmbH, was attacked by hackers and data was stolen. According to the ➡ Read more

Seeing NIS2 as an opportunity

With the upcoming deadline for implementing the NIS2 Directive, many companies are facing a significant challenge. Our observations show that many ➡ Read more

The Chinese hacker group Sharp Dragon

A provider of an AI-powered, cloud-based cybersecurity platform is warning about the Chinese espionage hacker group Sharp Dragon, formerly known as Sharp Panda. ➡ Read more

Danger from Phishing-as-a-Service Toolkit V3B

Banks and financial institutions in the European Union are facing an ever-increasing threat from cyber attacks. These threats are ➡ Read more

State data center saves on backups – total data loss

In Indonesia, there was a large-scale disruption of digital services on June 20: It emerged that a state data center ➡ Read more