Since
OpenAI
unleashed
ChatGPT
onto
the
world,
opinion
has
been
split
between
those
who
believe
it
will
radically
improve
the
way
we
live
and
work
and
those
who
are
worried
about
its
potential
for
disruption,
particularly
on
the
privacy
of
individuals
and
organizations.
There
have
already
been
incidents
where
sensitive
data
has
been
leaked
and
employees
have
landed
in
hot
water
after
entering
confidential
company
information
into
the
chatbot,
with
some
countries
even
issuing
a
temporary
ban
on
its
use
for
data
protection
purposes.
So,
what
does
ChatGPT
do
with
your
data
and
how
can
you
use
it
securely?
Where
does
ChatGPT
get
data
from?
Chat
GPT
is
an
artificial
intelligence
(AI)
tool
that
is
powered
by
machine
learning
(ML),
which
means
it
uses
ML
algorithms
to
understand
and
respond
to
user
prompts
in
a
conversational
manner.
To
do
this,
it
has
been
“trained”
with
vast
quantities
of
information
scraped
from
the
internet,
including
570
GB
of
data
from
books,
Wikipedia,
articles
and
other
online
content.
Holding
this
amount
of
information
gives
it
the
ability
to
answer
questions,
write
essays,
create
and
debug
code,
solve
complex
mathematical
equations
and
even
translate
different
languages.
However,
as
a
natural
language
processing
tool
it
works
on
probability,
answering
questions
by
predicting
what
the
next
word
in
a
sentence
should
be
based
on
the
millions
of
examples
it
has
been
trained
on.
This
means
that
the
information
it
provides
can
be
inaccurate
or
incomplete
and
as
most
of
the
data
it
contains
was
produced
before
2021,
it
can’t
provide
information
related
to
events
of
the
last
two
years.
How
secure
is
ChatGPT?
ChatGPT
saves
the
prompts
you
enter
and
its
responses
to
keep
training
its
algorithms.
Even
if
you
delete
your
conversations,
the
bot
can
still
use
this
data
to
improve
its
AI.
This
presents
a
risk
if
users
enter
sensitive
personal
or
company
information
that
would
be
appealing
to
malicious
parties
in
the
case
of
a
breach.
Additionally,
it
stores
other
personal
details
when
in
use,
such
as
your
approximate
location,
IP
address,
payment
details
and
device
information
(although
most
websites
store
this
type
of
information
for
analytics
purposes
so
this
is
not
unique
to
ChatGPT).
The
data
collection
methods
deployed
by
OpenAI
have
raised
concerns
among
some
researchers,
as
the
scraped
data
can
include
copyrighted
material.
In
an
article
on
The
Conversation,
Uri
Gal,
Professor
in
Business
Information
Systems
at
the
University
of
Sydney,
called
ChatGPT
“a
privacy
nightmare”,
stating
that
“if
you’ve
ever
written
a
blog
post
or
product
review,
or
commented
on
an
article
online,
there’s
a
good
chance
this
information
was
consumed
by
ChatGPT.”
ChatGPT
and
cybersecurity
There
is
also
evidence
that
ChatGPT
is
already
being
used
for
malicious
purposes.
Its
ability
to
write
code
means
it
can
be
used
to
create
malware,
build
dark
web
sites
and
enact
cyber
attacks.
At
a
recent
CS
Hub
advisory
board
meeting,
members
talked
about
noticing
that
ChatGPT
was
being
deployed
to
engineer
highly
sophisticated
phishing
attacks,
using
it
to
improve
language
as
poor
spelling
and
grammar
are
often
tell-tale
signs
of
a
phishing
attempt.
They
also
reported
that
it
is
being
used
to
help
malicious
actors
better
understand
the
psychology
of
the
intended
recipients,
with
the
aim
of
putting
them
under
duress
so
that
phishing
attacks
are
more
effective.
In
March
2023,
more
than
a
thousand
AI
experts,
including
OpenAI’s
co-founders
Elon
Musk
and
Sam
Altman
called
for
an
immediate
pause
on
the
creation
of
any
further,
major
generative
AI
tools
for
a
minimum
of
six
months,
to
allow
time
for
researchers
to
better
understand
the
risks
they
pose
and
how
to
mitigate
them.
i
agree
on
being
close
to
dangerously
strong
AI
in
the
sense
of
an
AI
that
poses
e.g.
a
huge
cybersecurity
risk.
and
i
think
we
could
get
to
real
AGI
in
the
next
decade,
so
we
have
to
take
the
risk
of
that
extremely
seriously
too.—
Sam
Altman
(@sama)
December
3,
2022
What
data
breaches
have
there
been
so
far?
OpenAI
has
confirmed
that
a
bug
in
the
chatbot’s
source
code
may
have
caused
a
data
leak
in
March
2023,
enabling
certain
users
to
view
parts
of
another
active
user’s
chat
history.
It
may
have
also
made
available
payment-related
information
belonging
to
1.2
percent
of
ChatGPT
Plus
subscribers
who
were
active
during
a
specific
time
period.
OpenAI
issued
a
statement
saying
that
it
believed
the
number
of
users
whose
data
was
revealed
was
“extremely
low”,
as
they
would
have
needed
to
open
a
subscription
email
or
clicked
certain
functions
in
a
specific
sequence
during
a
particular
timeframe
to
be
affected.
Nevertheless,
ChatGPT
was
taken
offline
for
several
hours
while
the
bug
was
patched.
Prior
to
this,
Samsung
had
three
separate
incidents
where
confidential
company
information
was
entered
into
the
chatbot
(Samsung’s
source
code,
a
transcription
from
a
company
meeting
and
a
test
sequence
to
identify
defective
chips)
that
led
to
disciplinary
investigations.
The
data
was
not
leaked
as
far
as
we
know,
but
as
mentioned
above,
everything
inputted
into
ChatGPT
is
stored
to
train
its
algorithm,
so
the
proprietary
information
entered
by
Samsung
staff
members
is,
in
theory,
now
available
to
anyone
using
the
platform.
What
does
OpenAI
say
about
the
security
of
its
data?
OpenAI
says
it
carries
out
annual
testing
to
identify
security
weaknesses
and
prevent
these
from
being
exploited
by
malicious
actors.
It
also
runs
a
‘bug
bounty
program’,
inviting
researchers
and
ethical
hackers
to
test
the
security
of
the
system
for
vulnerabilities
in
exchange
for
cash
rewards.
It
is
worth
noting
that
according
to
OpenAI,
data
submitted
through
its
API
is
not
saved,
unlike
ChatGPT.
To
find
out
exactly
how
secure
data
is
within
ChatGPT
we
went
straight
to
the
source
and
asked
how
great
a
risk
there
is
of
it
experiencing
a
data
breach.
ChatGPT
responded
by
saying
that
it
does
not
have
direct
control
over
the
security
of
the
systems
that
store
and
handle
its
data.
“However,
OpenAI,
the
organization
behind
ChatGPT,
takes
data
security
and
privacy
seriously,”
it
said.
“They
have
implemented
measures
to
protect
the
data
and
minimize
the
risk
of
a
data
breach.
“That
being
said,
no
system
is
entirely
immune
to
potential
security
vulnerabilities,”
it
continued.
“There
is
always
a
small
inherent
risk
of
a
data
breach
or
unauthorized
access.
However,
organizations
like
OpenAI
employ
various
security
practices,
including
encryption,
access
controls,
and
regular
security
audits,
to
mitigate
these
risks
and
ensure
the
confidentiality
and
integrity
of
the
data.”
What
can
users
do
to
keep
their
data
safe?
As
with
all
digital
applications,
ChatGPT’s
own
advice
is
that
“if
you
have
concerns
about
the
privacy
or
security
of
your
interactions
with
ChatGPT,
it’s
advisable
to
avoid
sharing
any
personally
identifiable
or
sensitive
information.
While
OpenAI
aims
to
provide
a
secure
environment,
it’s
essential
to
exercise
caution
when
interacting
with
AI
systems
or
any
online
platform.”
Other
general
advice
is
to
create
a
strong
and
unique
password
and
close
the
application
after
using
it,
especially
on
shared
devices.
It
is
also
possible
to
opt
out
of
allowing
ChatGPT
to
store
data
by
completing
an
online
form.
In
April
this
year,
OpenAI
introduced
a
new
feature
enabling
users
to
turn
off
the
chat
history.
Any
conversations
started
after
turning
on
this
feature
are
not
stored
to
train
the
algorithm
and
do
not
appear
in
the
history
sidebar,
with
the
caveat
that
they
are
still
retained
for
30
days
before
being
permanently
deleting.
The
future
of
ChatGPT
and
cybersecurity
Jonathan
Jackson,
director
of
sales
engineering
APJ
at
BlackBerry
Cybersecurity,
believes
that
the
likelihood
of
cyber
attacks
linked
to
ChatGPT
occurring
in
the
near
future
is
inevitable.
“There
are
plenty
of
benefits
to
using
this
kind
of
advanced
technology
and
we
are
just
scratching
the
surface
of
its
potential,
but
we
also
cannot
ignore
the
ramifications,”
he
wrote
for
CS
Hub
in
February
2023.
“As
the
platform
matures
and
hackers
become
more
experienced,
it
will
become
more
difficult
to
defend
without
also
using
AI
to
level
the
playing
field.”
He
added
that
AI
is
increasingly
being
used
to
create
convincing
phishing
messages
that
trick
people
into
providing
sensitive
information
or
installing
malware,
while
AI
tools
can
also
launch
distributed
denial
of
service
(DDoS)
attacks,
overwhelming
an
organization’s
systems
with
traffic
to
disrupt
its
operations.
“There
are
plenty
of
benefits
to
using
this
kind
of
advanced
technology,
but
we
also
cannot
ignore
the
ramifications.”
Calls
to
regulate
generative
AI
are
certainly
increasing.
As
well
as
the
open
letter
calling
for
a
six-month
moratorium
on
developing
further
projects
(which
now
has
more
than
30,000
signatories),
‘godfather
of
AI’
Geoffrey
Hinton
made
headlines
when
he
stepped
down
from
his
position
at
Google
to
enable
him
to
speak
publicly
about
the
potential
dangers
of
the
new
technology.
Governments
around
the
world
are
also
discussing
regulations.
The
European
Union
has
been
the
first
to
propose
a
major
law
called
the
AI
Act,
which
assigns
applications
of
AI
to
different
risk
categories.
For
example,
an
application
that
uses
personal
data
to
run
social
scoring
of
the
type
the
Chinese
government
deploys
would
pose
an
“unacceptable
risk”
and
would
be
banned.
The
ban
on
the
use
of
ChatGPT
in
New
York
City
schools
has
now
been
lifted,
but
the
US
government
has
released
its
“Blueprint
for
an
AI
Bill
of
Rights,”
which
advises
businesses
how
to
use
AI
ethically.
Meanwhile
in
the
UK,
formerly
enthusiastic
prime
minister
Rishi
Sunak
recently
announced
a
change
in
approach
to
AI
that
will
require
its
use
to
be
introduced
“safely
and
securely
with
guard
rails
in
place”.
Between
February
and
April
2023,
the
UK’s
Home
Office
ran
an
open
review
of
the
1990
Computer
Misuse
Act,
to
propose
changes
that
would
ensure
it
covers
AI-powered
cyber
attacks.
While
we
are
only
just
starting
to
scratch
the
surface
of
what
AI
is
capable
of,
cyber
security
professionals
and
governments
need
to
get
ahead
of
this
fast-developing
technology
before
it
is
too
late
to
avert
a
serious
attack.
Read
more
About Author
