The ChatGPT breach may have impacted enterprises.
The ChatGPT breach announced by OpenAI isn’t just their problem. It should be a top concern for CISOs. If anyone in your organization has used ChatGPT, you might be impacted. Your employees are likely testing ChatGPT to aid in various elements of their jobs. While your employees are wise to adopt these tools, their good intentions may open you up to serious intellectual property (IP) concerns.
Our team at 3 Tree Tech has witnessed an alarming pattern long before this breach: employees at various enterprise organizations are copying sensitive corporate data and pasting it into ChatGPT to make their jobs more efficient. Once they do, that proprietary data is no longer proprietary. This mistake is extremely easy to make.
ChatGPT Breach and Related IP Concerns
Developers use ChatGPT and other AI tools to help them with their proprietary code. Even comms people may use ChatGPT for internal memos that should not be public. Financial managers may use ChatGPT to help with financial documents as well. Will future IP leaks become shareholder concerns and warrant investigations from the SEC? It’s possible.
Even before the ChatGPT breach exposed users’ search data, IP loss was already a real concern. OpenAI is under no obligation to protect your proprietary data. Today it’s ChatGPT, but tomorrow a new AI tool owned by a competitor or nation-state could easily gain access to your proprietary data through well-intentioned employees.
Enterprise CISOs have limited options to let users engage with these tools while protecting critical assets. It can often be too much of a temptation to toss corporate IP into ChatGPT to test its capabilities. And when your employees do this, your organization loses custody of critical data.
Exposing intellectual property through the use of ChatGPT is a real concern. No team leader wants to limit their team’s tools, especially AI, which will shape our future. But security also can’t be compromised.
It’s also a risk when users adopt browser extensions to utilize ChatGPT. Unfortunately, many organizations do not govern extensions, allowing them to operate without oversight over corporate applications.
So, what should tech leaders do when put in this tough spot? Organizations can leverage built-in or integrated external DLP technologies to provide further security by controlling when the use of corporate data is acceptable and when it is not. Another solution may be to use an enterprise browser.
What is an enterprise browser?
Enterprise browsers are relatively new and became a possibility when both Chrome and Edge adopted Chromium under the hood. They can solve an incredible series of difficult use cases in a very natural, much simpler way.
An enterprise browser will govern application access and data protection while keeping the user safe during all interactions. Enterprise browsers leverage application boundaries to prevent the pull of data from corporate applications and prevent spillage into the realm of web-based generative AI tooling.
Island, an enterprise browser we recommend at 3 Tree Tech, won’t allow users to copy and paste data out of a corporate application and into ChatGPT or any other personal application. Island governs what extensions can be used and, most importantly, what their permissions are within corporate applications.
What does an enterprise browser do?
Beyond just protecting your organization from the ChatGPT breach and other similar events, enterprise browsers like Island solve many previously elusive use cases in areas such as contractor access, M&A situations, call center access and privileged access management. CISOs have struggled for years with the complexities of many of these use cases, but an enterprise browser can provide a simple and elegant avenue to solve so many of these challenges.
Enterprise browsers offer savings to organizations using VDI or shipping third-party laptops. One common challenge solved by Island’s enterprise browser is the onboarding and governance of Contractor/3rd Party/BPO access. Often these resources leverage devices which are not managed by the organization; thus Island can simplify onboarding of these resources and provide deep control even on an unmanaged device.
Notable features of enterprise browsers:
- Enterprise browsers solve the challenges of shipping secured laptops to third-party employees.
- Enterprise browsers drastically reduce or can even eliminate VDI.
- Enterprise browsers can eliminate PAM tools and many Secure Web Gateway (SWG) SKUs.
- Enterprise browsers can eliminate your Cloud Access Security Brokers (CASB).
When using Island, we found one prevention method fascinating. They have built-in protection against employees taking photos of their computer screens. Their software embeds a QR code on every screen page, unique to that user. If an employee takes a picture, your team can search later for those QR codes online or on the dark web. This allows your security team to track down who leaked data and provide education.
If an employee’s cell phone picks up the QR code and the code is tapped, it automatically sends an alert to the SOC and logs the potential risk. Yes, your staff can find workarounds, but the primary method of IP loss is accidental and isn’t nefarious in nature.
Lastly, many organizations rely on Virtual Desktop Infrastructure (VDI), a complex, clunky and expensive experience that both users and operational teams hate. Enterprise browsers can have a transformative impact on simplifying existing VDI deployments while giving users a natural experience, operational teams a simpler environment to manage, and the organization significantly reduced expense.
AI tools like ChatGPT will revolutionize work. But the ChatGPT breach is just the beginning. To keep the spigot of creativity open, while simultaneously protecting yourself, perhaps using an enterprise browser solution is what you’re looking for.