Many Germans use ChatGPT in their everyday professional lives. This can jeopardize the security of sensitive data.
According to a representative survey, almost half (46 percent) of working people in Germany use ChatGPT in their everyday work. The popularity of generative AI services and Large Language Models (LLM) poses the question to companies of the extent to which they can trust language models with sensitive company data.
Kaspersky experts have identified these data protection risks of professional ChatGPT use:
- Data leak or hack on the part of the provider: Although LLM-based chatbots are operated by large tech companies, they are not immune to hacking attacks or accidental data leaks. There has already been an incident in which ChatGPT users were able to see entries from other users' message history.
- Data leakage through chatbots: In theory, the chats can be used to train new chatbot models. Users should keep in mind that LLMs are vulnerable to “accidental storage”; that is, they can remember unique sequences such as cell phone numbers, which do not improve model quality but endanger privacy. All data that users enter into the training corpus can be accessed consciously or unintentionally by users of the same language model.
- Account hacking: Attackers can use phishing attacks or credential stuffing to break into employee accounts and access third-party data. In addition, Kaspersky Digital Footprint Intelligence [3] regularly finds Darknet posts offering chatbot accounts for sale.
The terms of use for collecting, storing and processing data with AI tools are more geared towards protection in the B2B sector than in the B2C sector. The B2B solutions usually do not store chat histories and in some cases no data is sent to the company server because the chatbot operates locally in the customer network.
Protection of confidential data
“The risk of sensitive data loss is highest when employees use personal accounts at work. Companies should therefore focus on making employees aware of the risks of using chatbots. On the one hand, they must understand which data is confidential, personal, or represents a trade secret and may not be forwarded to chatbots. On the other hand, companies should set clear rules for the use of these services, if they are allowed at all,” comments Anna Larkina, security and privacy expert at Kaspersky.
More at Kaspersky.de
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/
Matching articles on the topic