Legal experts warn ther is an urgent need for employers to understand how staff are using this new generation of AI-based software
Thousands of employees are pasting confidential data into ChatGPT, prompting companies to ban or restrict access to the software amid warnings that material submitted to powerful internet chatbots is at risk of leaking into the public domain.
Figures show that more than one in 20 people using ChatGPT in the workplace have submitted data owned by their company to the Microsoft-backed artificial intelligence software.
According to internet security company Cyberhaven, the proportion of workers pasting internal data to ChatGPT more than doubled in less than a month from 3.1 per cent to 6.5 per cent, with material submitted including regulated health information and personal data.
Alarm is growing among corporations at the dramatic growth in use of the chatbot and the commercial and security implications of potentially sensitive information routinely “escaping” to external databanks.
Amazon has already warned staff not to paste confidential data to ChatGPT, while banking giant JPMorgan and US-based mobile phone network Verizon have banned workers from using the software altogether.
Samsung, the world’s largest smartphone manufacturer, this week became the latest conglomerate to find itself embroiled in concerns over how staff use ChatGPT, after Korean media reports claimed employees at the company’s main semi-conductor plants inputted confidential information, including highly-sensitive “source code” to iron out programming flaws.
Source code, the fundamental underpinnings of any operating system or software, is among the most closely-guarded secrets of any technology company. Samsung did not respond to a request to comment but has reportedly placed limits on staff access to ChatGPT and is now developing its own AI chatbot for internal use.
Millions of people have used ChatGPT since its mainstream launch last November. Alongside its ability to answer questions or turn datasets into useable material using natural, human-like language it can also check and generate computer code at phenomenal speed as well as interrogate images.
Legal experts have warned of an urgent need for employers to understand how staff are using this new generation of AI-based software such as ChatGPT, produced by San Francisco-based company OpenAI, and rivals such as Google’s Bard.
There are particular concerns, shared by bodies including Britain’s GCHQ intelligence agency, that information inputted into AI systems could eventually return to the public domain, either as a result of hacking or data breaches, or via the use of submitted material to “train” chatbots.
OpenAI acknowledges that it uses data pasted into ChatGPT to “improve our models”. But the company insists it has safeguards in place, including the removal of information that could make an individual identifiable.
In an online statement, OpenAI said: “We remove any personally identifiable information from data we intend to use to improve model performance. We also only use a small sampling of data per customer for our efforts to improve model performance. We take great care to use appropriate technical and process controls to secure your data.”
Experts argue that the sudden spike in the use of the chatbots, otherwise known generative AI, could leave companies and other organisations in breach of rules such as the GDPR data protection regulations, as well as being liable for information that could subsequently appear in future searches or any hacking operation by criminal or state-sponsored groups.
Richard Forrest, legal director of Hayes Connor, a firm specialising in law surrounding data breaches, said workers should “assume that anything entered [into AI chatbots] could later be accessible in the public domain”.
Describing regulations around the AI software as “unchartered territory”, Mr Forrest said: “Businesses that use chatbots like ChatGPT without proper training and caution may uknowingly expose themselves to GDPR data breaches, resulting in significant fines, reputational damage and legal action.”
Concern is mounting about the ability to regulate and shape the use of tools such as ChatGPT. Italy last week became the first Western country to block ChatGPT after its data-protection authority raised privacy concerns.