- This Samsung OLED spoiled every other TV for me, and it's $1,400 off for Black Friday
- NetBox Labs launches tools to combat network configuration drift
- Russian Cyber Spies Target Organizations with Custom Malware
- The Customer Adoption Journey of Cisco Secure Workload
- Three-Quarters of Black Friday Spam Emails Identified as Scams
OpenAI Promises Enterprise-Grade Security with ChatGPT for Business
The creators of ChatGPT, OpenAI, have launched ChatGPT Enterprise which it claims to be the “most powerful version of ChatGPT yet”.
The company also claims that with the new version of its generative AI chatbot, users will get “enterprise-grade security and privacy”.
Other features include unlimited higher-speed GPT-4 access, longer context windows for processing longer inputs, advanced data analysis capabilities and customization options.
Regarding data privacy, OpenAI said that it does not train on a customer’s business data or conversations.
“Our models don’t learn from your usage,” the company’s statement said. ChatGPT Enterprise is also SOC 2 compliant, and all conversations are encrypted in transit and at rest.
Security Pros Raise Privacy Concerns
Infosecurity previously reported on privacy concerns relating to OpenAI’s data-scraping methods that are used to collect the data ChatGPT is based on.
Jamie Moles, senior technical manager at ExtraHop, noted other security issues: “The security community at large has raised concerns since late last year about the potential for employee misuse to cause data leakage into ChatGPT, risking the model to train off sensitive information and use that information for other prompts with no consequences.”
On the new level of privacy being offered by OpenAI he said, “Any organization using generative AI tools should still use their best judgment when inputting sensitive information or data into the model, make sure employees have guidelines on how to use these tools for their specific roles, and organizations should still regulate in what capacity these tools can be used.”
OpenAI has also said that it can support companies compliance with GDPR and other privacy laws.
The company’s privacy page states: “We are able to execute a Data Processing Addendum (DPA) with customers for their use of ChatGPT Enterprise and the API in support of their compliance with GDPR and other privacy laws.”
Erfan Shadabi, cybersecurity expert at Comforte AG, said: “Whenever security and privacy enhancements are made, it is always a positive move.”
“Apart from the novelty value of ChatGPT, it is genuinely helping organizations to enhance their customer service, free up staff to work on higher value tasks and even improve productivity as an aid for content marketing, web coding and other tasks. However, its accessibility and powerful AI backend also open the door for more malignant uses. With that said, it’s imperative that data is secured to industry standards with strong data protection like tokenization and encryption,” he said.
In addition to the privacy features, there is an admin console with bulk member management, single-sign on (SSO) and domain verification for large-scale deployments.
In April, OpenAI launched a bug bounty program in which ethical hackers could earn up to $20,000 to find security flaws in the company’s AI solution.