iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A new report has shown that enterprise-grade workers are sharing sensitive data with generative AI engines such as ChatGPT on an hourly basis throughout the workday.
Alarmingly, despite the fallout from Samsung developers inadvertently sharing and subsequently leaking internal source code with AI engines, source code is still the most common form of sensitive data being shared.
Netskope’s Cloud & Threat Report: AI Apps in the Enterprise is based on feedback from “a few million employees” working for enterprises protected by its own secure access service edge solutions. This included some of the more than 625,000 workers in Australian companies covered by Netskope’s services.
The survey found that companies with more than 10,000 employees use, on average, five discrete AI apps every day; unsurprisingly, ChatGPT is the most popular. More than eight times more workers use OpenAI’s offering than any other generative AI tool, and at the current rate, Netskope expects AI use in the enterprise to double inside seven months.
Google Bard, however, is the fastest-growing AI app in terms of use.
Overall, 1 per cent of workers polled use AI apps daily, with an average of 1 per cent of prompts containing sensitive data.
On a monthly basis for every 10,000 prompts to tools such as ChatGPT, 183 contain sensitive information, and of that number, source code is by far the most prevalent, with 158 prompts containing code for every 10,000 employees.
Other data being shared includes health and financial information, and even passwords embedded in source code.
“It is inevitable that some users will upload proprietary source code or text containing sensitive data to AI tools that promise to help with programming or writing,” said Ray Canzanese, threat research director at Netskope Threat Labs, in an announcement. “Therefore, it is imperative for organisations to place controls around AI to prevent sensitive data leaks.”
There’s no doubt that some companies do recognise the risk of AI tools in the workplace. The finance and healthcare industries in particular are wary of AI, with one in five workplaces having enacted a blanket ban on the use of ChatGPT. At the other end of that scale, only one in 20 technology companies have done likewise.
However, such bans may not be the right answer, according to James Robinson, Netskope’s deputy chief information security officer.
“As security leaders, we cannot simply decide to ban applications without impacting on user experience and productivity,” Robinson said.
“Organisations should focus on evolving their workforce awareness and data policies to meet the needs of employees using AI products productively.
“There is a good path to safe enablement of generative AI with the right tools and the right mindset.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
