Generative AI platforms: what are the security and privacy risks?

The emergence of generative AI like ChatGPT undoubtedly constitutes the most important technological revolution since the birth of the Internet. Hundreds of millions of Internet users interact daily with these AIs, whether for personal or professional needs. Like every major new technology, they raise numerous security and privacy concerns.

Security issues linked to generative AI should be at the heart of the debates during Data Privacy Week, which takes place every year across Europe during the week of January 22 to 26. It must be said that conversational AIs like Google’s Bard or OpenAI’s ChatGPT process several tens of millions of requests around the world every day and the trend is undoubtedly not about to reverse. These services have literally revolutionized the way we interact with AI. From a simple request called “prompt”, they are able to facilitate many daily tasks: writing articles, plans, or reports, correcting or translating texts, summarizing documents, creating images, generating computer code, analyze emails, etc.

Like every new disruptive technology, generative AI raises more and more concerns in terms of security and privacy protection. To protect against these new forms of risk, it is essential to use an advanced security solution like Bitdefender Premium Security Plus.

Should you use ChatGPT or other generative AI?

Conversational AI models like ChatGPT work and improve in part because of the data users provide when they make requests. Most users are unaware that their interactions with generative AI are used to improve their abilities. With this in mind, it is therefore very important not to disclose sensitive personal information that you wish to keep private. Before using any of these services, it is recommended that you review their data privacy policy to understand how it is used.

What about the information collected by AI?

If you ask ChatGPT, for example, to summarize a contract or a confidential document, to analyze a proprietary computer code, to correct a text or a song of which you are the author, all this data is de facto ingested by the robot and can potentially be disclosed to other users. The Korean giant Samsung has notably banned the use of ChatGPT, Bard, and Bing to its employees following several incidents. Engineers from the group’s semiconductor division used OpenAI’s AI to help them carry out various tasks. One of them provided the source code of a sensitive computer program from the manufacturer to check whether it did not contain possible security flaws. The event, which was reported in the media around the world, forced OpenAI to modify the rules of its paid subscriptions intended for businesses.

From now on, ChatGPT will no longer memorize the data provided by professionals. This rule does not apply to free versions. Internet users who use generative AI must therefore remain very vigilant. Some services like Google Bard collect an impressive amount of information ranging from location data, usage feedback, searches, etc. Bard can also access information from many other Google services (Gmail, Maps, Docs, YouTube, etc.) to respond to user requests. The web giant, however, requires very clear and explicit consent that you accept or not before using its AI.

What are the privacy and data protection risks?

Natural language processing models pose many privacy and data protection risks. As mentioned previously, conversations with generative AIs are not private. Some may also be analyzed by humans to improve the quality of responses, which could potentially result in a breach of data confidentiality. Google Bard now displays a message to alert users that their interactions with the bot may be reviewed by reviewers. Generative AIs also collect data that may include the account information you enter during registration: name, contact details, login credentials, payment card information (premium accounts only), etc.

OpenAI’s AI also uses data extracted from your device or browser such as IP address and geographic location. Not forgetting the information you enter for your queries, as well as the files and comments you provide to the chatbot. As a result, there is a risk that this information will be stored, processed, shared with third parties, or even used inappropriately. Like any online service, they can also be victims of cyberattacks that can cause data leaks and expose users’ personal information.

Personal data may also be used for advertising targeting purposes. It is important to keep in mind that conversations and/or data shared with these services may be indexed and publicly accessible. The risks of compromising user privacy and even reputation are very real. The best solution to protect your privacy is to share as little sensitive and identifiable information as possible with these types of services.

How do cybercriminals exploit generative AI for malicious purposes?

The extraordinary capabilities of generative AI have unfortunately not escaped cybercriminals. They exploit these technologies for malicious purposes, particularly for phishing and social engineering, in order to create ever more deceptive and effective phishing campaigns. One of their methods consists of submitting the data they manage to collect on users (publications on social networks, professional profile data, etc.) to an AI so that it can analyze it and generate personalized messages that seem legitimate. . One of the other particularly worrying trends is the use of AI to create deepfakes.

These are videos or audio recordings which appear to be real, but which are in reality manipulated to spread false information, carry out scams by posing for example as a company manager, carry out blackmail, etc. A worrying threat which particularly gives public figures a cold sweat. That’s not all, AI can be used in various ways to create sophisticated malware, exploit security vulnerabilities, or even automate massive attacks. To counter these new forms of threats, it is crucial to use powerful security tools like Bitdefender Premium Security Plus.

Bitdefender premium Security Plus: a multi-layered security suite that provides a better understanding of cybersecurity issues

Faced with the exponential multiplication of threats which makes their indexing impossible, Bitdefender has used artificial intelligence and machine learning in its behavioral analysis engine for many years. As a result, this allows it to block multiple threats, whether known or unknown. The Bitdefender Premium Security Plus security suite also includes an identity protection system called Bitdefender Digital Identity Protection.

The latter includes a wide range of tools to manage and protect your identity and personal data via the Bitdefender Central online management portal. The service constantly searches the Internet and the dark web for traces of personal data and alerts you when it detects a data leak concerning you. Protection that is becoming more and more essential.