Security Bloggers Network 
SBN

Three Ways to Opt Out of ChatGPT Data Sharing

by Carrie Landry on April 24, 2023

Let’s keep this super-simple: the devil is in the details in any disclosure policy. If you go to the OpenAI ChatGPT FAQ, there are a few things that should raise the eyebrows of any security engineer. To that purpose, at the end of this blog, you’ll find three ways to opt out of ChatGPT data sharing that will help you and your CISO sleep better at night.

Will you use my conversations for training?

  • Yes. Your conversations may be reviewed by our AI trainers to improve our systems.

From their privacy policy:

We’ll retain your Personal Information for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.

To be reductionist: any conversation you have (or the corporate you, through your organization’s SSO) gets to be retained in perpetuity by OpenAI. So all of those questions and shortcuts AI has helped with could easily come back to bite your company in the future.

Here are a few thoughts for staring at your ceiling at midnight:

  • Attackers probe ChatGPT for target data like passwords, APIs, or other intellectual property. Crafty prompters know how to get the AI to relinquish this data, and yes, they’re likely trying to get it on your company for any vulnerabilities they can exploit.
  • Incorrect data is difficult to purge (including data on people), leading on Italy’s ChatGPT ban – so enter information at your own risk.
  • Be careful what you give the world – you don’t want your competition finding code, schematics, ideas, or plans from your organization. Samsung recently found this out when one employee asked ChatGPT to check confidential database source code for errors, another employee generated code optimization, and a third fed a company video meeting into ChatGPT to summarize meeting minutes. Yes, all of those data points came back to hurt the company. Just don’t put company information into an intelligent system that’s built to learn, right?

opt out of chatgpt data sharing represented by a cyberpunk circuit globe

Three ways to opt out of ChatGPT data sharing

There are three ways that can keep a security company (or any company) much safer with ChatGPT data sharing:

  • Use the API, whose terms clearly state: “We do not use Content that you provide to or receive from our API (“API Content”) to develop or improve our Services.” It may be less convenient (especially on mobile), but it’s a step worth taking
  • Set up a secure instance through Microsoft Azure.
  • Submit this opt-out form for your company.
    1. Enter your email.
    2. Find your OpenAI Organization ID [below]
      1. Go to this page and log in.
      2. Select the “Settings” tab and find your Organization name and ID per below:

        image of the opt out fields in Chat GPT

    3. Copy the Organization ID and name.
    4. Paste them into the form described in step 1.
    5. Hit “Submit.”

Speaking of reading the fine print, have you wondered what the Banyan privacy policies are? We’re glad you’re curious.

The post Three Ways to Opt Out of ChatGPT Data Sharing first appeared on Banyan Security.

*** This is a Security Bloggers Network syndicated blog from Banyan Security authored by Carrie Landry. Read the original post at: https://www.banyansecurity.io/blog/chatgpt-data-sharing/?utm_source=rss&utm_medium=rss&utm_campaign=chatgpt-data-sharing

Carrie Landry ,