Samsung Workers Banned from ChatGPT: Implications of Engineers Leaking Source Code to Chatbot

Story

In March 2021, Samsung banned its workers from using the AI powered ChatGPT platform, following concerns over cybersecurity breaches. It was found that a group of engineers at the South Korean multinational conglomerate had leaked source code to a ChatGPT chatbot, which raised cybersecurity issues due to the potential for the bot to commit fraudulent activities such as phishing and identity theft. The banning of the platform has implications for the use of AI in the workplace, particularly with regards to data protection and cybersecurity.

Real-life Examples

• In 2017, the U.S. Securities and Exchange Commission (SEC) charged the Ukrainian-based chatbot platform, Mechanical Zoo, with fraud due to its chatbot, Renu, making fraudulent claims about a penny stock. The use of AI in chatbots could increase the risk of fraudulent activity as bots could potentially be programmed to manipulate data or deceive users into giving away personal information.
• In 2019, Capital One, one of the largest banks in the U.S., suffered a data breach which compromised the personal information of over 100 million customers. It was found that a hacker had exploited a vulnerability in the bank's firewall to gain access to data stored in its cloud. The implications for AI-powered chatbots could be significant as the technology is becoming more widely used in the banking sector and could therefore become a target in cyber attacks.
• In 2020, Zoom, the video conferencing platform, faced criticism over its security measures after it was found that its end-to-end encryption was not actually end-to-end, meaning that user data could be accessed by the company. The use of AI in chatbots raises similar concerns over data privacy and protection, as the vast amounts of data that chatbots collect could be misused for nefarious purposes or accidentally leaked due to vulnerabilities.

Critical Comments

1. While the banning of ChatGPT by Samsung may seem like a drastic measure, it highlights the importance of taking cybersecurity seriously in the workplace. Companies that use AI-powered chatbots need to be aware of potential vulnerabilities and take measures to address them, rather than relying solely on the technology to protect them.
2. Regulation is needed to ensure that companies are taking the necessary measures to protect data and prevent fraud. This may involve implementing stricter guidelines around the use of AI and requiring companies to regularly assess and mitigate cybersecurity risks, particularly given the increasing use of chatbots and other AI technologies in the workplace.
3. There is a need for awareness and education around cybersecurity and data protection, particularly among employees who use chatbots and other AI-powered technologies. Companies need to provide training and support to ensure that workers are aware of potential risks and are taking steps to mitigate them. This includes regular security updates and reminders to change passwords and update software.