ChatGPT: Risks of professional use

Kaspersky_news

Share post

Many Germans use ChatGPT in their everyday professional lives. This can jeopardize the security of sensitive data.

According to a representative survey, almost half (46 percent) of working people in Germany use ChatGPT in their everyday work. The popularity of generative AI services and Large Language Models (LLM) poses the question to companies of the extent to which they can trust language models with sensitive company data.

Kaspersky experts have identified these data protection risks of professional ChatGPT use:

  1. Data leak or hack on the part of the provider: Although LLM-based chatbots are operated by large tech companies, they are not immune to hacking attacks or accidental data leaks. There has already been an incident in which ChatGPT users were able to see entries from other users' message history.
  2. Data leakage through chatbots: In theory, the chats can be used to train new chatbot models. Users should keep in mind that LLMs are vulnerable to “accidental storage”; that is, they can remember unique sequences such as cell phone numbers, which do not improve model quality but endanger privacy. All data that users enter into the training corpus can be accessed consciously or unintentionally by users of the same language model.
  3. Account hacking: Attackers can use phishing attacks or credential stuffing to break into employee accounts and access third-party data. In addition, Kaspersky Digital Footprint Intelligence [3] regularly finds Darknet posts offering chatbot accounts for sale.

The terms of use for collecting, storing and processing data with AI tools are more geared towards protection in the B2B sector than in the B2C sector. The B2B solutions usually do not store chat histories and in some cases no data is sent to the company server because the chatbot operates locally in the customer network.

Protection of confidential data

“The risk of sensitive data loss is highest when employees use personal accounts at work. Companies should therefore focus on making employees aware of the risks of using chatbots. On the one hand, they must understand which data is confidential, personal, or represents a trade secret and may not be forwarded to chatbots. On the other hand, companies should set clear rules for the use of these services, if they are allowed at all,” comments Anna Larkina, security and privacy expert at Kaspersky.

More at Kaspersky.de

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


Matching articles on the topic

Cyber ​​danger Raspberry Robin

A leading provider of an AI-powered, cloud-delivered cybersecurity platform warns about Raspberry Robin. The malware was first released in the year ➡ Read more

New scam Deep Fake Boss

Unlike classic scams such as the email-based boss scam, the Deep Fake Boss method uses high-tech manipulation ➡ Read more

Classification of the LockBit breakup

European and American law enforcement authorities have managed to arrest two members of the notorious LockBit group. This important strike against the ransomware group ➡ Read more

The Bumblebee malware is back

The Bumblebee malware is being used again by cybercriminals after an absence of several months. IT security experts were recently able to identify an email campaign that used the brand ➡ Read more

Microsoft Defender can be tricked

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. This ➡ Read more

Ransomware attack on IT service providers

A data center owned by the Finnish IT service provider Tietoevry located in Sweden was recently attacked with ransomware. Numerous companies, authorities and universities are ➡ Read more

Threat potential from state actors

The extent of the current threat situation is illustrated by a cyber attack that recently occurred in Ukraine. According to the state ➡ Read more

Critical vulnerabilities at Fortinet

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, for example ➡ Read more