The rapid advancement of Artificial Intelligence (AI) technology has garnered much attention in recent weeks for its potential to enhance workplace productivity and efficiency. However, this focus on AI innovation has overshadowed the risks that come with such new technologies. AI services, such as ChatGPT and Google Bard, will begin to be used by cybercriminals to develop attacks against organizations, highlighting the potential cybersecurity risks that these services pose. On top of that, there has been little discussion about the risks associated with users accessing and exposing an organization's intellectual property (IP) or secrets through these services.

Although many AI services claim to not cache or use user-submitted data for training purposes, recent incidents with ChatGPT specifically have exposed vulnerabilities in the system. This can potentially result in the exposure of company intellectual property or user search prompts with responses, posing a significant risk to organizations. As a result, companies are increasingly concerned about how they can leverage AI services while safeguarding their sensitive data from being exposed to the public. This underscores the need for companies to assess the risks and benefits associated with AI services and to implement measures to protect their sensitive data.

To address these risks, companies must take a proactive approach to protect their sensitive data from being leaked through AI services. This may include implementing Data Loss Prevention (DLP) solutions that can monitor and safeguard data at the endpoint and network levels. Additionally, companies should educate their employees on the risks associated with AI services (just like any other 3rd party service) and the potential consequences of exposing sensitive data. By taking these steps, organizations can ensure that they are leveraging the benefits of AI services while mitigating potential risks to their sensitive data.

While AI services offer significant benefits to organizations, they also pose potential cybersecurity risks. Companies must carefully consider these risks and implement measures to safeguard their sensitive data from being exposed. By adopting a proactive approach to cybersecurity, organizations can leverage the benefits of AI services while protecting their most valuable assets.

Trellix Can Help Safeguard Your Data

New technology can introduce security gaps that can make organizations susceptible to accidental or deliberate breaches. As technology evolves, it is crucial for companies to have adequate security measures in place to safeguard their sensitive data.
Trellix has a reputation for providing effective protection against potential threats, due to its extensive experience in the cybersecurity space.

You might be asking yourself how this can occur in your environment. With the efficiencies that these AI services bring users will be leveraging them more and more in their daily tasks. Just a few examples of how users might use these services while unexpectedly leak sensitive data:
● An employee might capture meeting notes and action items from an internal meeting about a new product that will disrupt the market. To summarize the notes for the executive team they may post the notes into ChatGPT asking it to create a summary from the notes.● A software developer working on a company’s top product might copy and paste source code into ChatGPT asking it for recommendations to improve the code.
An engineer may copy and paste log files submitted by an end user into ChatGPT asking it to write a root cause analysis report without scrubbing the log of usernames, IP address and system names.
Trellix's Data Loss Prevention (DLP) solutions are designed to monitor and safeguard organizations at both the endpoint and network levels. This comprehensive approach ensures that sensitive information remains secure, even as new technologies emerge. With Trellix's DLP solutions, organizations can rest assured that their most valuable crown jewels are protected from potential security breaches.

Leveraging Trellix Data Loss Prevention

Trellix Data Loss Prevention (DLP) offers a comprehensive collection of pre-defined rule set templates that can be used to rapidly establish DLP in any setting. Although these out-of-the-box templates may not satisfy all your DLP needs, they provide valuable guidance on how to protect data within your environment. In the case of AI services like ChatGPT and Google Bard, which present unique challenges for securing your environment, building the necessary rules can be accomplished in a matter of minutes. This allows you to promptly deploy the rules for testing, tuning, and enforcement in your production environment.
To safeguard your data from being leaked to these services, there are three types of DLP rules that can be utilized:
● Clipboard Protection: Monitor or blocks the use of the clipboard to copy sensitive data● Web Protection: Monitor data being posted to websites● Application Control: Monitor or block user access to websites
Before we create the rules you will need to first create definitions that will be used in the rules you plan to implement. For the use case in this article we will need to create the following DLP Definition Types:
● URL List: Used to define web protection rules and web content fingerprinting classification criteria. They are added to rules and classifications as Web address (URL) conditions.● Application Template: Controls specific applications using properties such as product or vendor name, executable file name, or window title. An application template can be defined for a single application, or a group of similar applications. There are built-in (predefined) templates for several common applications such as Windows Explorer, web browsers, encryption applications, and email clients.
From the Trellix ePolicy Orchestrator (ePO) console navigate to DLP Policy Manager | Definitions