Top

Top reasons to avoid sharing sensitive data in ChatGPT conversations

Sensitive Data ChatGPT: Everybody has seen by now that the way we communicate and take action has changed drastically, especially with the new AI era coming our way. ChatGPT has become a popular AI tool allowing users to engage in dynamic conversations with machines. While it offers many benefits, such as convenience and instant responses, it is essential to be cautious when using such platforms. While ChatGPT is incredibly intelligent and capable of understanding complex language and providing intelligent responses, it is not designed to provide the same level of security that you would get from a human being, and it is not equipped to protect sensitive information from hackers or other malicious actors who may attempt to access the information.

The potential risks of sharing sensitive data in ChatGPT conversations

The first step in understanding the need for privacy in ChatGPT conversations is to recognize the potential risks associated with sharing sensitive data. Sensitive data can include personal information, financial details, login credentials, and even confidential business information. Sharing such data can put you at risk for identity theft, financial loss, and damage to your online reputation.

An example of this issue happened on March 22, when OpenAI CEO Sam Altman confirmed reports of a ChatGPT glitch that allowed some users to see the titles of other users’ conversations. On March 20, users began to see conversations appear in their history that they said they hadn’t had with the chatbot. Altman said the company feels “awful”, but the “significant” error has now been fixed.

“We had a significant issue in ChatGPT due to a bug in an open-source library, for which a fix has now been released and we have just finished validating. A small percentage of users were able to see the titles of other users’ conversation history,” Altman said.

That’s why it is also important to realize that although ChatGPT may not actively exploit your data, the service providers hosting the platform could potentially access your information. In addition, hackers and other malicious actors may target these platforms to steal sensitive data, putting your privacy at risk. By avoiding sharing sensitive information in ChatGPT conversations, you can minimize these risks and help protect your privacy.

Understanding Data Security in AI Platforms

Data security is critical to any online platform, and AI services like ChatGPT are no exception. To ensure the privacy of your information, it’s essential to understand how these platforms handle data security. AI platforms typically store user data on servers, which can be vulnerable to cyberattacks or unauthorized access. Additionally, the data can be used for training and improving the AI models, which could expose your sensitive information to a larger audience.

AI platforms collect and process vast amounts of data to function effectively. While many developers have implemented security measures to protect this data, the sheer volume of information can make it difficult to guarantee complete security. This is particularly true for generative models like ChatGPT, designed to generate human-like responses based on the data they have been trained on. Moreover, AI developers often have to balance the need for data security with the demand for improved performance and functionality. As such, it is crucial for users to be aware of the potential risks associated with sharing sensitive data in ChatGPT conversations and to take appropriate precautions.

In March, the National Cyber Security Centre (NCSC) of the UK provided more information regarding this matter, stating that ChatGPT and other large language models (LLMs) currently do not automatically add information from queries to models for others to query. Therefore, including private data in a query will not result in its incorporation into the LLM. However, the organization providing the LLM, which is OpenAI in the case of ChatGPT, can view the queries since they are stored. These queries will likely be used for developing the LLM service or model. The LLM provider or its partners/contractors may read and integrate the queries into future versions. The NCSC pointed out another risk that increases as more organizations create and use LLMs: queries stored online could be hacked, leaked, or unintentionally made public.

Another interesting incident happened not long ago, where several Samsung employees reportedly shared confidential information with ChatGPT, including sensitive database source code, code optimization requests, and recorded meetings for generating minutes. Samsung has since restricted the length of employees’ ChatGPT prompts and is investigating the three employees involved while developing their own chatbot to prevent similar incidents. ChatGPT’s data policy states that user prompts are used to train its models unless explicitly opted out. OpenAI advises against sharing secret information with ChatGPT as it cannot delete specific prompts from history.

ChatGPT threats and best practices on how to avoid them

As with any digital platform, ChatGPT is vulnerable to various cybersecurity threats. These threats can range from hackers attempting to gain unauthorized access to the platform to more sophisticated attacks that exploit specific vulnerabilities in the AI model. For example, an attacker could manipulate the platform to generate responses containing sensitive data or malicious content. This could occur if the attacker can access the training data or influence the model’s learning process. In addition, chatbots like ChatGPT can be susceptible to adversarial attacks, which involve feeding the model carefully crafted inputs designed to cause it to produce incorrect or harmful outputs. Given these potential threats, it’s crucial for users to be vigilant when using ChatGPT and to avoid sharing sensitive data that cybercriminals could exploit. So, in order to protect your privacy and minimize the risks associated with sharing sensitive data in ChatGPT conversations, consider the following best practices:

Be cautious about the information you share: Avoid disclosing sensitive data, such as personal information, financial details, or confidential business information, in ChatGPT conversations. Rember, you might never know if this information might get leaked.

Use strong, unique passwords: Protect your ChatGPT account with a strong, unique password and enable two-factor authentication if available. (For example, when signing in with your Google account)

Be aware of phishing scams: Be cautious of emails or messages that appear to be from ChatGPT or other trusted sources but ask for sensitive information or direct you to click on suspicious links.

Watch out for the fakes: Take a good look at your app or extension, which might seem like a ChatGPT app. Today you can find a lot of fake apps posing as ChatGPT that can be malicious. Therefore, you must always be cautious and take a good look before acting.

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.