Zluri Features

  • 3 min read

How Zluri can Detect and Manage ChatGPT Users for Improved Data Privacy and Security

Rohit Viswanathan

6th June, 2023

SHARE ON:

Artificial Intelligence (AI) has become a buzzword in today's world, and Chatbots are one of the most popular forms of AI. Chatbots are intelligent computer programs that can hold conversations with humans.

They are widely used by companies for customer service, virtual assistants, and other applications. ChatGPT is one such popular chatbot that uses an AI algorithm to converse with humans.

However, with the increasing use of ChatGPT, there has been a growing concern about privacy and security. Companies want to track ChatGPT users to ensure that their data is secure and that they are not misusing company resources. 

How ChatGPT security issues are different from anything that’s come before

With any type of data breach that came before, companies would be able to localize the impact so it limits the data breaches’ reach. There was centralized context about vulnerable entry points where damage control actions could be taken to prevent future issues.

But since ChatGPT is on a public domain and isn't controlled centrally, companies struggle with identifying the perpetrator of the leaks, the entry points & end up having very limited context on the attack or how to limit control without a way to monitor who has access & how ChatGPT could use this information in its models.

Why ChatGPT is a security concern for companies

1. Confidential leaks: With ChatGPT, the first problem companies face is the possibility of employees using company data to train ChatGPT models. This is a serious concern since company data is confidential and should not be used for any other purpose. If employees use company data to train ChatGPT models, it could lead to a breach of data privacy.
   
   We came across a few real-world customer problems where QA & engineering teams were using internal code to generate unit and integration test cases for automation from ChatGPT. This creates two major issues:
   
   a. Patented information becomes public which can lead to serious repercussions since competitors will be able to get a hold of this intel and also use it against you by removing any product based competitive advantage you might have had.
   
   b. It also means the feature or product is actually launched to the public when it should only be for customers and your intended target audience

2. Security breach: Unauthorized access is another issue that companies face with ChatGPT. Based on compliance and auditory policies, ChatGPT users might not fall into that category and it could become a gray area for IT
   
   a. For example: If an IT or CS executive was trying to automate their ticket resolution process through ChatGPT, it requires sharing historical resolution information of your customer or internal issues with ChatGPT. The model now has access to information like customer intent, RCAs, tech infrastructure models etc. This is an access violation that teams might never find out about until it's too late.

How Zluri can help

Zluri is a cloud-based platform that helps companies manage their SaaS applications. Zluri can discover and detect if a user is logged into ChatGPT with their official work or company email ID.

Zluri does this in two ways. 

1. Firstly, it integrates directly with the Single Sign-On (SSO) of your company or the Identity Provider of your company. It pulls information from the SSO about the list of users and applications your organization currently uses. If a user has signed up or logged into ChatGPT, it will show up on Zluri’s dashboard. 

2. Secondly, Zluri provides a browser extension that captures the URL of the site, the title of the website, and the log-in/log-out times. Zluri authenticates if the user is a valid user and matches URL information with their database. If these steps are successful, Zluri populates the information on the dashboard.

What information do companies get from discovery

Once companies have discovered ChatGPT users on Zluri's dashboard, they can gather valuable information.

1. Companies can see the number of users using ChatGPT, their log-in/log-out times, 

2. How often they use it (usage%),

3. What is the CVE score of these user accesses, 

4. Their most recent activity on ChatGPT.

This information can help companies track the usage of ChatGPT and ensure that it is being used for the intended purpose.

What actions can you take?

Zluri provides several actions that companies can take once they have discovered ChatGPT users on their dashboards. 

1. Firstly, companies can notify the user and mark ChatGPT as restricted for the organization. This will prevent the user from using ChatGPT in the future.

2. Secondly, companies can mark the user as suspended or inactive on Zluri and take subsequent action.

3. Lastly, companies can revoke the user's work ID access automatically from Zluri

Conclusion

ChatGPT poses a significant threat to data privacy and security, and it is essential for companies to track and manage its usage. Zluri offers a comprehensive solution that helps companies discover ChatGPT users, analyze their usage, and take action to ensure data privacy and security. With its SSO integration and browser agent methods, Zluri provides companies with a quick and efficient way to track ChatGPT usage. By restricting access, marking users as inactive or suspended, and revoking access automatically, companies can prevent unauthorized access to company data. Moreover, the analytics provided by Zluri help companies monitor ChatGPT usage and identify potential security risks. If you're looking for a solution to track and manage ChatGPT usage in your company, Zluri is the perfect tool for you.

About the author

Rohit Viswanathan

Rohit is a product marketer with 5+ of experience in the SaaS industry. He has a keen eye for research and understanding macro trends in the SaaS & technology space. He has worked across several marketing & strategy roles in companies such as Freshworks & HCL. In his leisure time, Rohit is a full-time sports enthusiast.