ChatGPT

Problem

ChatGPT is an artificial intelligence chatbot that understands and generates human-like text. It can converse, answer questions, and assist in tasks like writing and information retrieval, making it useful for anything from customer service to personal research.

In a platform like ChatGPT where automated conversations can involve customer's personal information (PII or PHI), it's crucial that the ChatGPT integration needs to be protected:

• Attackers target ChatGPT: In OpenAI's March 2023 press release, OpenAI confirmed a data breach which exposed chat history, name, email address and payment information stored by the company for 1.2% of subscribers.
• ‍Regulatory Compliance: Many industries are subject to regulations that require certain standards for data protection, such as GDPR for personal data in the European Union, or HIPAA for health information in the U.S. A DLP strategy can help ensure compliance with these regulations.
• Accidental Sharing: Employees could unintentionally expose sensitive internal information during a conversation with ChatGPT, thinking that they're in a safe, internal environment or mistaking it for a human colleague. Independent researchers estimate 11% of what employees enter into ChatGPT is confidential, with the average company leaking sensitive data to ChatGPT hundreds of times each week. As of May 2023, OpenAI is integrated with more than 120 third party plugins increasing data sharing risks further.
• ‍Cost of Data Breach: In the first six months of 2019, a reported 3,813 data breaches affected 4.1 billion records, an increase from 2018. Of which, 70% of leaks exposed user emails, while 65% included sensitive information revealing passwords. According to IBM, the average time it takes for an organization to identify a data breach occurred is 206 days, with an organizational cost of $3.92 million.
• Data Control Misconfiguration: By default, ChatGPT will retain your chat history and use it to train its models. ChatGPT may inadvertently disclose sensitive information it has been trained on if it misinterprets a query causing data leaks. Currently, the task of configuring data controls is left to the employees which is error prone. Misconfigurations are bound to happen unless organizations have a way to centrally manage these configurations.

ChatGPT is an invaluable tool that boosts employee productivity. However, due to growing concerns around data security and privacy a growing number of companies including Apple, Goldman Sachs and Samsung have started banning employees from using ChatGPT at work. Strac addresses these concerns with a secure Chrome Extension that allows for the safe, effective use of ChatGPT, offering the benefits of this powerful AI tool while maintaining crucial data security standards.

Solution

Strac ChatGPT Chrome Extension is a Data Loss Prevention (DLP) solution.

• It discovers (aka detects) sensitive messages. You can turn on Strac Chrome Extension to just get findings of sensitive messages shared with ChatGPT.
• It blocks conversations containing sensitive messages and allows administrators to review findings of sensitive messages shared.

Below is a sample list of sensitive data elements that will be detected & redacted:

• Identity: Drivers License, Passport, SSN (Social Security Number), National Identification Number, etc.
• PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
• PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
• Payments (aka Financial Details) or PCI (Payment Card Industry) Data Elements: Bank Account, Routing Numbers, Credit Card Number, CVV, Expiration Date, Debit Card, IBAN, etc.‍
• Secrets: API Keys, Passwords, Passphrases, etc.
• Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
• Physical Network: IP Addresses, MAC Address, etc.
• Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
• Profanity: Curse words, abuse words, offensive content, etc.
• Voice Call Recordings: Audio or Video recordings that have sensitive data
• Custom: Create your own rules or use regex

Checkout Strac's catalog of sensitive data elements that Strac automatically detects and redacts.

The decision to secure your clients' sensitive data is not merely a choice—it's a necessity. With Strac's ChatGPT Chrome Extension, you can ensure data security, maintain compliance, and protect your brand's reputation while enhancing productivity.