Digital Guardian helps mitigate data loss risks associated with large language models
With the continued rise of AI, chatbots, and tools such as ChatGPT in both our personal and professional lives, CISOs and cybersecurity pros have a whole new series of concerns. These emerging technologies propose great benefits to organizations. However, the need for control is fueled by the stories and articles about this technology’s dark side, with headlines detailing employees allegedly leaking company secrets and source code to the chatbot, scenarios that could cost organizations untold sums of money.
Generative AI and Data Egress
Because chatbots and large language models (LLMs) like Google Gemini and Microsoft CoPilot are so easy to use, sensitive data becomes an even greater risk by employees, contractors, or other parts of your supply chain.
Beyond malicious intent, these tools can lead to the accidental uploading of what the user may not realize is sensitive, like PCI (payment card data), PII (personal identifiable information), IP (intellectual property), or pricing lists. Being alerted to negative usage, and implementing automated controls, is becoming a common requirement for organizations.
These tools are influenced by the amount and type of training data it has been exposed to. Whatever you give it gets saved for re-use in the future. Also, one may accept the results returned without providing a critical eye to its accuracy or decide to maliciously misuse the technology.
We are at the leading edge of not only the use of AI Chatbots but understanding the shortcomings and implications. Since each company has their own tolerance for risk, tools need to provide the flexibility to allow a company to ease their way into these environments. As cases in the US court system have already shown these learning models do not discriminate, be it personal commentary or intellectual property, all data is fair game, and we need to protect what we own.
Wade Barisoff, Director of Product, Data Protection, Fortra
Keeping Data Safe
Digital Guardian has over 20 years of helping organizations stop the theft of corporate data like sensitive source code and intellectual property. Digital Guardian customers have the peace of mind that we help highlight and mitigate the risks associated with these modern tools.
Flag Patterns
Monitor and block questions submitted to AI sites based on patterns such as: national insurance numbers, social security numbers, credit card number, sort codes, drivers’ licenses, ITAR (International Traffic in Arms Regulations) keywords, etc.
Block Classified Data
Block copying and pasting of data tagged as classified by the eDLP agent or user, such as tagged by government departments or enterprise classification like Public, Official, Official-Sensitive, Secret or Top Secret.
Outright Block
The most restrictive measure, Digital Guardian will block HTTP (unencrypted web traffic) and HTTPS (encrypted web traffic) going to hundreds of generative AI sites on users’ computers.
Digital Guardian Generative AI Content Pack
Digital Guardian can block data egress via AI sites right out of the box with our Generative AI Content Pack.
This provides DLP policies and reporting templates to allow users to use generative AI sites while preventing egress of classified data via copy-and-paste, file upload, or form submission.
Our Generative AI Content Pack also includes a workspace within Digital Guardian’s Analytics and Reporting Cloud (ARC) to allow for reporting on key data points such as:
