However, “it doesn’t appear that this technology could be used to monitor employees anytime soon,” Elcock says.
Self-censorship
Generative AI poses several potential risks, but there are steps companies and individual employees can take to improve privacy and security. First, don’t include sensitive information in a query about a publicly available tool like ChatGPT or Google Gemini, says Lisa Avvocato, vice president of marketing and community at data firm Sama.
When creating a prompt, try to keep it general to avoid oversharing. “Ask: ‘Write a sample proposal for budget expenses,’ not ‘Here’s my budget, write a proposal for expenses for a sensitive project,’” he says. “Use AI as your first draft, then add any sensitive information you need to include.”
If you’re using it for research purposes, avoid problems like those that occur with Google’s AI reviews by verifying what it provides, Avvocato says. “Ask him to provide references and links to sources. If you ask AI to write code, you still need to review it rather than assuming it’s ready.”
Microsoft stated this themselves that Copilot must be configured correctly and “the slightest privilege” – the concept that users should only have access to the information they need should be applied. This is a “key point,” says Prism Infosec’s Robinson. “Organizations need to lay the foundation for these systems and not just trust the technology and assume everything will be fine.”
It’s also worth noting that ChatGPT uses the data you provide to train its models, unless you turn it off in settings or use the Enterprise version.
List of assurances
Companies that incorporate generative AI into their products say they are doing everything they can to protect security and privacy. Microsoft is keen outline security and privacy considerations in Recall and the ability to control this feature Settings > Privacy & Security > Recall & Snapshots.
Google says Generative AI in Workspace “does not change our core privacy protections that give users choice and control over their data” and stipulates that the information is not used for advertising purposes.
OpenAI repeats how it holds itself security and privacy in their products, while enterprise versions are available with additional controls. “We want our AI models to learn about the world, not individuals, so we take steps to protect people’s data and privacy,” an OpenAI spokesperson tells WIRED.
OpenAI says it offers ways to control how your data is used, including self-service tools for access, exportAND remove personal data, as well as the ability to opt out of using the content for improve your models. According to ChatGPT Team, ChatGPT Enterprise and its API are not trained on data or conversations, and their models do not learn from usage by default.
Either way, it looks like your AI coworker is here to stay. As these systems become more sophisticated and pervasive in the workplace, the risks will only increase, Woollven says. “We are already seeing the emergence of multimodal AI such as GPT-4o, which can analyze and generate images, audio and video. So now companies have to worry about protecting more than just text data.”
With this in mind, people – and companies – need to set themselves up to treat AI like any other third-party service, Woollven says. “Don’t share anything you wouldn’t want to be made public.”
