With the recent rise in generative AI tools causing controversy around the world right now, we knew that ChatGPT would be a big security concern for our customers.
A recent report tells us that 70% of security professionals say generative AI has improved collaboration and productivity within their teams. But with the use of such tools, there is always the risk of sensitive data being leaked or shared with Large Language Models (LLMs) that are still largely an unknown entity.
We’re excited to be sitting down with our Head of Product, Sheree Buller Lim, to discuss the launch of our new ChatGPT integration, and how it can help give our customers peace of mind when it comes to AI.
Today, we’re launching our brand new ChatGPT browser extension.
We are seeing an absolute explosion, as everyone is, with the use of generative AI tools within technology. Tools like ChatGPT are being widely adopted across many organisations.
What comes with that adoption is a huge explosion of sensitive data leaking within those integrations. Some companies, and even countries, are going as far as banning the use of these tools. At Metomic, we want to have our integration sit alongside ChatGPT so that organisations and employees can get the amazing productivity benefits from these sorts of tools, without the fear of sensitive data being leaked.
They'll have peace of mind that their employees are using these tools safely. With tools such as ChatGPT, it's really hard to keep on top of what people are entering. It's a totally free tool, you can sign up to it with any email address - you can even use it with a personal email address at work as well.
It's becoming harder and harder to restrict. To be honest, we know that the risk is never going to be zero. What we can do though, is get that risk as low as possible and surface this information to our customers so they can work with their employees, not against them, to help prevent sensitive data being leaked.
What's really great is our ChatGPT integration actually sits within the browser itself, and it's really easy to set up. Essentially, any time an employee goes into ChatGPT within the browser, and sends a message, Metomic is going to scan that data.
When Metomic scans the ChatGPT messages, we're scanning for all our classifiers that we have within the product - that's over 150 classifiers for sensitive data (we’ll soon have lots more - stay tuned!). Then we'll be surfacing this in real time in the Metomic dashboard.
Absolutely. Some of the biggest data breaches that we've seen recently have actually been with source code.
ChatGPT is becoming really, really popular amongst the software engineering community, and it's a really effective tool for the work that they do, but some engineers are actually entering their organisational source code from tools like GitHub into ChatGPT. With Metomic, we are scanning for things like AWS keys, other secrets and keys, as well as Personally Identifiable Information (PII), Social Security Numbers, phone numbers, and email addresses.
Security teams can be notified of the shared sensitive data via our Saved View Summary - a really exciting new feature that we have on our platform. Not only can you see the data in real time but within the Metomic dashboard, you can also go to the Assets page where we show you absolutely everything within the integration.
You can create a Saved View using certain filters that matter to you. So you could filter by the ChatGPT integration and you can also filter by the classifier that interests you such as AWS keys. Once you've saved it as a view, every single week, we'll send you a proactive summary to your favourite communication channel, like Slack, so you can be notified of any sensitive data being shared.
ChatGPT can massively help with productivity at work and can possibly make employees that much more efficient. We want security teams and employees to be working together rather than against each other. We feel Metomic and specifically tools like our ChatGPT extension can work alongside all the existing SaaS tools they’re using.
You can also use ChatGPT without being logged into your organisation’s domain. For instance, a user might be logged into their personal gmail account but using ChatGPT within the browser where the Metomic extension sits, the plugin will inform security teams on who is using the extension, enabling the security teams to not only have that visibility, but to help educate those employees on best practices related to the use of these tools. Again, we don't want the use of these tools to be at odds with an organisation's data security policies, we want employees to be able to effectively use these tools safely!