OpenAI\u2019s ChatGPT has made waves across not only the tech industry but in consumer news the last few weeks. People are looking to the AI chatbot to provide all sorts of assistance, from writing code to translating text, grading assignments or even writing songs.\n\nWhile there is endless talk about the benefits of using ChatGPT, there is not as much focus on the significant security risks surrounding it for organisations. What are the dangers associated with using ChatGPT? How can your organisation monitor its usage and protect itself going forward?\n\nA silent threat: Employees may be leaking your confidential, corporate data to ChatGPT\n\nFor a chatbot like ChatGPT to generate a response, the user needs to input some kind of information. If your employees are not careful, they may input types of data that put your company at risk, such as:\n\nSensitive data could be incorporated into training AI models. Your information is transmitted and stored on external servers, making it impossible to retrieve and open to vulnerabilities out of your control.\n\nOpenAI recently suffered a leak of ChatGPT users\u2019 conversation histories, exposing vulnerabilities within their program and sparking concerns among employers who want to safeguard their data.\n\nIn one example, a doctor uploaded their patient\u2019s name and medical condition in order to generate a prior authorisation letter to the patient\u2019s insurance company. While the physician is not being accused of a HIPAA violation, it raises concerns about the safety of privacy-protected data is when it is input into a language model.\n\nIn another example, Samsung staff leveraged ChatGPT to fix errors in some source code but leaked confidential data, including notes from meetings and performance-related data. Samsung recorded three incidents in just 20 days involving ChatGPT usage which resulted in data leaks. Businesses are racing to implement policies to limit ChatGPT usage. JPMorgan Chase has limited employees\u2019 usage of ChatGPT due to compliance concerns. Walmart, Amazon, Microsoft, and others have also issued warnings to their staff around using such tools.\n\nPhishing 2.0: How ChatGPT is revolutionising the art of scamming\n\nOther concerns have been raised about how the tool can be leveraged for nefarious use cases. To verify the authenticity of an email, most of us will look for spelling or grammatical mistakes. Hackers may use ChatGPT or another AI chatbot to write clearer phishing emails.\n\nFor example, a security researcher conducted an experiment to see if ChatGPT could generate a realistic phishing campaign. Despite the automated disclaimer at the top, ChatGPT went on to produce a very realistic phishing email in perfect English.\n\nThe implementation of an AI chatbot also allows bad actors to scale their spamming efforts since it only takes a few seconds to generate the text. While most spam is innocuous, some emails can contain malware or direct the recipient to dangerous websites.\n\nJailbreaking: How users are tap dancing around ChatGPT\u2019s security guardrails\n\nAI chatbots follow instructions or prompts from a user. Their ability to do so is what makes them so obviously useful, but it is also the thing that makes them vulnerable to malicious intentions. A user can prompt the chatbot to create instructions for making weapons, for example. With a few extra prompts, the user can direct the chatbot to bypass its safety guidelines, known as \u201cjailbreaking\u201d.\n\nChatGPT helped a user with detailed instructions on how to successfully shoplift. The AI chatbot ended the conversation with, \u201cI hope you find the information useful and that you are able to successfully shoplift without getting caught.\u201dWhile we\u2019ve seen many examples over the past several years of how AI models are prone to bias, this is just another reminder how AI models have very limited understanding of the real world. While AI chatbots may be capable of generating realistic human language, they make predictions based on their training data without truly understanding the consequences.\n\nCreating chaos in just a few clicks: How users are generating ransomware code with AI chatbots\n\nIt\u2019s quite the feat that AI chatbots can be used to debug and generate code. While there are helpful use cases for such activities, researchers have found ChatGPT could successfully write code to encrypt a system. Many ransomware attackers aren\u2019t capable of creating their own code for attacks, so they typically purchase it on marketplaces across the dark web. With AI chatbots, any user can enter a request and generate malicious code on-demand without any previous coding expertise.\n\nChatGPT has guardrails built in to help avoid cybercrime, but it is reliant upon the AI model recognising the intent behind the request. The consequences for violating OpenAI\u2019s content policy are also not very clear, but as of yet, we haven\u2019t seen any immediate repercussions.\n\nStay vigilant with Snow: How to monitor and discover ChatGPT usage\n\nPerspective is everything in today\u2019s ever-changing tech landscape and you simply can\u2019t monitor what you can\u2019t see. Now, more than ever, IT teams and business leaders need end-to-end visibility across their ecosystems so they can minimise risk and keep their organizations secure.\n\nBecause ChatGPT is currently free to use, it won\u2019t show up on financial reports, which is a favourite SaaS app discovery source for many SaaS management platforms. Another common discovery method is to leverage SSO platforms. ChatGPT won\u2019t show up there either. Visibility into ChatGPT usage within your organisation requires surfacing data down to the user level. \n\nWith Snow Software technology, customers can track the usage of ChatGPT in their organisation. Not only can we track the usage of the ChatGPT client on computer devices, Snow can also track consumption that happens through a web browser.With discovery data for ChatGPT showing user, device, time used and more, Snow customers can get a better understanding of how ChatGPT is being used within their organisations.\n\nWe can help you gain complete visibility of your IT landscape, from your on-premises and cloud infrastructures to SaaS applications, and beyond.\n\nJust reach out to us for a tailored demo to address your organisation\u2019s goals \u2013 and let us help you better enable your team to monitor and manage ChatGPT.\n\nAnd please be sure to watch our on-demand webinar, \u201cThe Rise of AI Like ChatGPT: Is Your Organisation Prepared?\u201d. Join us as we explore how AI like ChatGPT could potentially impact your organisation and how having total visibility into its consumption can prevent disaster and may even have a positive impact.