New data from Netskope says employees continue to share confidential company information with AI writers and chatbots like ChatGPT despite the clear risk of leaks or breaches.
The research covers around 1.7 million users across 70 global organizations and found that source code is posted to ChatGPT in an average of 158 incidents per month for every 10,000 users. This makes source code the biggest vulnerability for companies, ahead of other types of sensitive data.
While instances of regulated data (18 incidents/10,000 users/month) and intellectual property (four incidents/10,000 users/month) being posted on ChatGPT are far less common, it is clear that many developers are simply unaware of the harm that leaked source code can cause.
Be careful what you post on ChatGPT
In addition to ongoing risks that could lead to vulnerabilities for companies, Netskope also highlighted the boom in interest in artificial intelligence. The figures indicate a 22.5% increase in GenAI app usage over the past two months, with large enterprises with over 10,000 users using an average of five AI apps per day.
ChatGPT takes the lead with eight times the daily active users of any other GenAI app. With an average of six prompts per day, each user has the potential to cause significant harm to their employer.
The top three generative AI apps used by organizations worldwide are ChatGPT (84%), Grammarly (9.9%) and Bard (4.5%), the last of which is itself seeing healthy growth of 7.1% per week compared to ChatGPT’s 1.6% per week.
Many will argue that uploading source code or other sensitive information can be avoided, but Ray Canzanese, threat research director at Netskope, says it’s “unavoidable.” Instead, Canzanese places the responsibility on organizations to implement controls around AI.
James Robinson, the company’s deputy chief information security officer, added, “Organizations should focus on evolving workforce awareness and data policies to meet the needs of employees productively using AI products.”
For administrators and IT teams, the company recommends blocking access to apps that are unnecessary or that pose a disproportionate risk, conducting regular user training, and using sufficiently modern technologies to prevent data loss.