The Cabinet Division has issued a cyber security advisory addressing the potential risks and privacy concerns associated with AI-driven chatbots, such as ChatGPT.
OpenAI launched ChatGPT in November 2022, leading to widespread usage and an emerging debate over its security implications. The advisory highlights the integration of chatbots like ChatGPT, Bard, CoPilot, and MyAi into major social media platforms, web browsers, and smartphones, necessitating caution in their use at both organizational and individual levels.
According to the advisory, globally, many organizations are incorporating AI-powered chatbots and APIs into their operational workflows and information systems.
While these tools offer significant benefits, they also pose cyber risks, particularly when users store conversations that could contain proprietary information, personal communications, or sensitive business strategies. In the event of a breach, unauthorized access to these accounts could lead to the exposure of critical data.
Just recently, it was uncovered that ChatGPT’s Mac app was storing private user data in plain text. Although the issue was quickly resolved, it remains a cause for concern.
The advisory states that individuals handling extremely sensitive data should avoid using ChatGPT and similar chatbots. Critical information should be masked if its use is unavoidable. Users are advised against entering data that could reveal capabilities or sources. Disabling chat-saving features or manually deleting conversations is recommended to mitigate risks.
Additionally, employing malware-free and screened systems for chatbot interactions is crucial, as compromised systems could lead to data leaks via screenshots or keylogging.
The Cabinet Division has urged organizations to adopt best practices to ensure the secure use of chatbots and protect their data. Staying up to date with evolving AI technology and security trends is vital.
Conducting comprehensive risk assessments of AI-driven chatbots can help identify vulnerabilities and develop mitigation plans. The advisory also recommends using separate online PCs devoid of private or official data for chatbot usage to prevent data pilferage.
Monitoring access to chatbots is essential, with strong access controls and access log monitoring being pivotal. Implementing a zero-trust security approach, which assumes every user and device is a potential threat, is advised. Access to resources should be granted on a need-to-know basis, supported by robust authentication mechanisms.
According to the advisory, secure communication channels, including encrypted channels and secure APIs, should be used to prevent unauthorized access. Employees must be trained on the cautious use of chatbots and the potential risks, ensuring they do not share sensitive data and are aware of social engineering and malicious attacks.
The Cabinet Division has instructed federal and provincial governments to disseminate this information to all concerned organizations and affiliated departments, ensuring that necessary protective measures are implemented.



These bastards just keep releasing advisories/warnings/alerts/cautions and living off unearned pay, without doing any work to stop all of this.