Sensitive employee information often inputted into GenAI.
Almost half (45.8 percent) of inputs into GenAI tools potentially disclosed customer data, such as billing information and authentication data.
According to an analysis by Harmonic Security, 26.8 percent of inputs contained information on employees, including payroll data, PII, and employment records. Some prompts even asked GenAI to conduct employee performance reviews.
Also, 8.5 percent of prompts are a concern and potentially disclose sensitive data. Harmonic Security recommends using real-time monitoring, using paid plans or plans that do not train on input data, and create workflows that shape how different departments or groups can engage with GenAl tools.
Alastair Paterson, CEO and co-founder at Harmonic Security comments: “Most GenAI use is mundane. In most cases, organisations were able to manage this data leakage by blocking the request or warning the user about what they were about to do, but not all firms have this capability yet.
“The high number of free subscriptions is also a concern, the saying that ‘if the product is free, then you are the product’ applies here and despite the best efforts of the companies behind GenAI tools there is a risk of data disclosure.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
