Search

Security Advisory : Using AI Tools Securely: ChatGPT, Gemini, and More 

INTRODUCTION 

AI-powered tools are now integrated into various platforms, from office software and operating systems to image editors and chat applications. But how can you use ChatGPT, Gemini, DeepSeek, and other AI-powered tools without compromising your digital security?

AVOID SHARING SENSITIVE INFORMATION WITH AI CHATBOTS

OpenAI’s privacy policy indicates that user data may be utilized to enhance AI performance. When using services like ChatGPT, Sora, or Operator, your interactions could be used to train AI models.

According to a study done by Harmonic Security, 8.5% of prompts contained sensitive information.

Never input sensitive personal information such as passwords, passport or banking details, addresses, phone numbers, names, or any confidential business data. If necessary, replace sensitive details with placeholders like asterisks or “REDACTED.”

For professionals, especially software engineers leveraging AI for code review, it’s crucial to strip out any information that could reveal company secrets and/or application structure.

Everything shared with an AI chatbot has the potential to be stored and analyzed.

FREE AI SERVICES COME WITH HIGHER RISKS 

Many free-tier AI tools explicitly state that they train on user data. Organizations using AI should consider investing in paid AI services like ChatGPT Enterprise, which ensures that user inputs and outputs are not utilized for training purposes.

Experts recommend paid plans as a more secure option for businesses looking to mitigate risks.

BEST PRACTICES FOR SAFE AI USE IN THE WORKPLACE

For businesses looking to integrate generative AI tools while minimizing security risks, Harmonic Security suggests shifting away from outright bans and instead implementing effective AI governance strategies. These include:

  • Establishing clear AI usage policies and enforcing workflows.
  • Monitoring AI tool usage in real time to track inputs and ensure compliance.
  • Restricting the use of free AI tools that train on input.
  • Classifying sensitive data to prevent exposure.
  • Educating employees on responsible AI use and associated risks.

HOW CAN RICHTER GUARDIAN HELP YOU? 

Richter Guardian can provide solutions to enhance your cyber hygiene, reducing the risk of data breaches and security threats when using AI tools. By following our recommended practices, individuals and organizations can leverage AI safely while protecting their sensitive data.