Data Leaks via ChatGPT: Hidden Risks for Your Business

The Massive Adoption of Generative AI in Business

In less than two years, ChatGPT and its competitors have revolutionized how we work. According to a recent McKinsey study, 78% of employees now use generative AI tools in their daily work, whether for writing emails, analyzing data, or writing code.

This rapid adoption has largely occurred outside the control of IT departments and security teams. Employees, attracted by the productivity these tools offer, often use them without questioning the security implications.

"Most companies have no visibility into what their employees share with ChatGPT. It's a ticking time bomb in terms of data security."

Types of Data Being Exposed

Our analysis of thousands of incidents reveals that the types of data most frequently exposed via generative AI are:

• Financial data: Credit card numbers, IBANs, billing information copied to rephrase client emails
• Credentials and secrets: Stripe, GitHub, OpenAI API keys shared to "debug" code
• Personal data: Client emails, phone numbers, HR data in rephrasing requests
• Proprietary source code: Confidential algorithms, critical business logic
• Internal documents: Business strategies, unpublished financial data

Real Cases: Samsung and Others

In April 2023, Samsung made headlines after engineers shared confidential source code with ChatGPT. The incident led the company to completely ban the use of generative AI on company devices.

But Samsung is just the tip of the iceberg. Similar incidents occur daily in companies of all sizes, often without being detected:

• A developer shares an AWS API key to understand an error → the key ends up in training data
• A salesperson copies a client email with bank details to rephrase it
• An HR manager asks for help writing a termination letter with the employee's name and details

Why Traditional Solutions Fail

Traditional DLP solutions were designed to monitor classic channels: email, USB drives, printing. They are inadequate for generative AI web interfaces for several reasons:

1. Encrypted HTTPS traffic: Impossible to inspect content without breaking encryption
2. Dynamic interfaces: Modern web pages use complex frameworks that are difficult to analyze
3. Invisible copy-paste: Pasting text into ChatGPT doesn't generate a detectable file transfer
4. Shadow IT: Employees easily bypass restrictions by using personal devices

The Solution: Browser-Level Protection

To effectively protect your data, you need to intervene where the action happens: directly in the browser, at the moment when the user is about to send data to AI.

This is exactly what Zeus does. Our extension analyzes in real-time the text entered in ChatGPT, Claude, Gemini and other AI interfaces, and detects sensitive data before it's sent.

Two protection modes are available:

• Alert Mode: The user is warned and can choose to continue or cancel
• Blocking Mode: Sending is automatically blocked, ensuring maximum protection

Conclusion: Act Now

The question is not whether your employees use ChatGPT, but what they share with it. Every day without protection is a day when sensitive data can be exposed.

The good news is that there are simple, non-intrusive solutions to regain control. Zeus can be deployed in minutes and immediately starts protecting your organization.