AI’s Promise and Peril: A Guide to Protecting Sensitive Data


Embracing generative AI in the workplace offers productivity gains but raises data security concerns. Daniel Chechik of WalkMe explores solutions involving digital adoption platforms (DAPs).

Employees at a semiconductor giant recently inputOpens a new window confidential source code into the popular generative AI chatbot, ChatGPT. While they intended to use AI to check the code, they made it available to OpenAI, the company behind ChatGPT. OpenAI’s terms of service state that they may use content from services other than their API to develop and improve their services. A 21-year-old US Air National Guardsman leaked classified documents containing state secretsOpens a new window on the popular voice-over-Internet protocol (VolP) and instant messaging app, Discord. 

The common thread between these two recent headlines is that individuals shared sensitive information that posed high risks for their employers, in the latter case, the US military and nation. While authorized military personnel with significant enough security clearance to get their hands on classified documents should know better than to share secrets on an app, the same is not necessarily true of employees who come into contact with sensitive information at work. 

Does the average employee understand the difference between saving confidential company information in a Google or Microsoft cloud document versus brainstorming with that sensitive information on ChatGPT? I’m not sure. In the new world of generative AI at work, employees interact with machines that digest the input information and use it to learn. 

While the capability for generative AI to improve the way we work and give us an overall better experience at work while boosting creativity and productivity for our companies, we have also unlocked a new arena for cybersecurity. Large, small, public, and private organizations must act quickly to ensure the safe use of these new resources by putting proper measures in place to safeguard their organizations against these kinds of leaks. 

Should We Block Generative AI Chatbots at Work?

Generative AI chatbots like OpenAI’s ChatGPT and Google’s Bard have overtaken the working world. There is no denying that generative AI can help businesses and employees by boosting productivity and freeing time for humans to focus on high-priority tasks. Blocking these technologies altogether is one way to prevent employees from inputting sensitive information, but that comes at the cost of losing out on the benefits generative AI can provide your business. 

The semiconductor company that recently had its source code leaked on ChatGPT originally blocked the site altogether and decided to reverse that decision just a few weeks before the leak. Generative AI is not a competitive advantage since everyone can use it, but shutting yourself off from it entirely is certainly putting your organization at a disadvantage. 

See More: Smells Like Team Spirit: Generative AI as a Teammate

Implementing Safeguards With the Right Digital Adoption Platform (DAP)

To harness the power of generative AI safely, forward-thinking organizations have implemented Digital Adoption Platforms (DAP) to inform employees when entering the generative AI territory and ensure they’re implementing the appropriate measures to protect their company’s data. A DAP could deliver an automatic pop-up explaining the company policy for that specific website or application so that the users can understand and acknowledge what they can and cannot do on that site. A DAP could also identify exactly which applications are being used by employees and provide details of their usage; this becomes particularly important in bringing shadow AI to light as organizations can gain full visibility into all of the AI applications being accessed by their employees and see how they’re being used.

DAPs provide customized on-screen guidance and automation to walk employees through workflows across applications and share aggregate user analytics to improve the user experience continuously. This technology enables organizations to educate employees on the importance of being vigilant about what they share and which applications they use.

When using AI applications, a DAP could be used to automatically deliver a pop-up message when an employee mentions the company name, private information, or anything the company feels shouldn’t be publicly shared. Educational messages can be segmented to specific groups of users by department, geography, role, or security clearance level with customized, specific instructions on engaging with generative AI applications. 

There is a wide array of understanding among employees on the capabilities of generative AI and a large spectrum of digital dexterity among employees. This is precisely why segmented messaging and educating users in the right context are important. Company or state secrets can be shared by the most sophisticated coder and an unknowing employee trying to tap into the famous power of this new technology. Leadership and cybersecurity teams are responsible for implementing the necessary guardrails for individuals to benefit from generative AI, and DAPs safely provide the technology to place these guardrails contextually. 

A Look at Traditional Data Loss Prevention (DLP) Software

Traditional data loss prevention (DLP) solutions are designed to detect data leakage by specific patterns. They typically operate on the network level, and the user does not receive the contextual information to address or better understand what they did wrong. These types of tools require significant maintenance and can only catch some cases. When a DLP solution is in place, the end user, often the employee, is unaware that they violated the security protocol. Hence, they are likely to continue their risky behavior. When implemented well, DLP solutions can serve as an excellent defense against data breaches, but they are flexible and require a lot of work to maintain the right way. 

See More: Data Loss Prevention: Best Practices 

Without sacrificing the innovation, creativity, and productivity boosts promised by generative AI applications, organizations must use the right technology and employee education to create clear guidelines around this exciting new technology. Creating creative solutions to mitigate the risks of intellectual property theft and data leakage is par for the cybersecurity course. Protecting companies’ bottom lines and maintaining national security has become essential.

How can digital adoption platforms enhance security while leveraging generative AI’s potential? Let us know on FacebookOpens a new window , XOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!

Image Source: Shutterstock