Security risks when using ChatGPT

America's largest bank, JPMorgan Chase, Amazon and technology company Accenture have all restricted employees from using ChatGPT over data security concerns.

According to CNN, the concerns of these businesses are completely grounded. On March 20, OpenAI's chatbot had an error that exposed user data. Although the error was quickly fixed, the company revealed that the incident affected 1.2% of ChatGPT Plus users. The leaked information included full names, email addresses, billing addresses, the last four digits of credit card numbers, and card expiration dates.

On March 31, Italy's data protection authority (Garante) issued a temporary ban on ChatGPT citing privacy concerns after OpenAI disclosed the vulnerability.

Mark McCreary, co -chair of data security and privacy at law firm Fox Rothschild LLP, told CNN that the security concerns surrounding ChatGPT are not exaggerated. He likened the AI ​​chatbot to a "black box."

ChatGPT was launched by OpenAI in November 2022 and quickly attracted attention for its ability to write essays, compose stories or song lyrics by giving them prompts. Tech giants like Google and Microsoft have also launched AI tools that work similarly, powered by large language models trained on huge online data stores.

When users enter information into these tools, they don’t know how it will be used, Mr. McCreay added. This is worrying for companies as more and more employees use tools to help write work emails or take notes for meetings, leading to a greater risk of exposing trade secrets.

Steve Mills, director of AI ethics at Boston Consulting Group (BCG), said companies are concerned about employees accidentally revealing sensitive information. If the data people input is being used to train this AI tool, they have given away control of the data to someone else.

According to OpenAI's privacy policy, the company may collect all personal information and data from service users to improve its AI models. They may use this information to improve or analyze their services, conduct research, communicate with users, and develop new programs and services.

The privacy policy states that OpenAI may provide personal information to third parties without notifying users, unless required by law. OpenAI also has its own Terms of Service document, but the company places much of the responsibility on users to take appropriate measures when interacting with AI tools.

ChatGPT's owners have posted on their blog about their approach to safe AI. The company emphasizes that it doesn't use data to sell services, advertise, or build profiles of users. Instead, OpenAI uses data to make its models more useful. For example, user conversations will be used to train ChatGPT.

Google, the company behind Bard AI, has additional privacy provisions for its AI users. The company will select a small portion of the conversation and use automated tools to remove personally identifiable information, which will help improve Bard while protecting user privacy.

Sample conversations will be reviewed by human trainers and stored for up to three years, separate from the user's Google account. Google also reminds users not to include personal information about themselves or others in conversations on Bard AI. The tech giant emphasizes that these conversations will not be used for advertising purposes and will announce changes in the future.

Bard AI allows users to opt out of saving conversations to their Google accounts, as well as review or delete conversations via a link. Additionally, the company has safeguards designed to prevent Bard from including personal information in responses.

Steve Mills says that sometimes users and developers only discover the security risks hidden in new technologies when it's too late. For example, autofill functions can accidentally reveal users' social security numbers.

Users should not put anything into these tools that they would not want shared with others, Mr. Mills said.