Are chatbots stealing your personal data?
Generative artificial intelligence (AI) creates, summarises and stores reams of data and documents in seconds, saving workers valuable time and effort, and companies lots of money.
But as the old saying goes, you don't get something for nothing.
As the uncontrolled and unapproved use of unvetted AI tools such as ChatGPT and Copilot soars, so too does the risk that company secrets or sensitive personal information such as salaries or health records are being unwittingly leaked.
This hidden and largely unreported risk of serious data breaches stems from the default ability of AI models to record and archive chat history, which is used to help train the AI to better respond to questions in the future.
As these conversations become part of the AI's knowledge base, retrieval or deletion of data becomes almost impossible.
'It's like putting flour into bread,' said Ronan Murphy, a tech entrepreneur and AI adviser to the Irish government. 'Once you've done it, it's very hard to take it out.'
This 'machine learning' means that highly sensitive information absorbed by AI could resurface later if prompted by someone with malicious intent.
Experts warn that this silent and emerging threat from so-called 'shadow AI' is as dangerous as the one already posed by scammers like those who recently targeted Marks & Spencer, costing the retailer £300 million.
M&S fell victim to a 'ransomware' attack, where hackers tricked company insiders into giving away computer passwords and other codes.
Its chairman, Archie Norman, told MPs last week that the hack was caused by 'sophisticated impersonation' of one of its third-party users.
Four people have been arrested by police investigating the cyber attacks on M&S and fellow retailers Co-op and Harrods.
But cyber criminals are also using confidential data voraciously devoured by chatbots like ChatGPT to hack into vulnerable IT systems.
'If you know how to prompt it, the AI will spill the beans,' Murphy said.
The scale of the problem is alarming. A recent survey found that nearly one in seven of all data security incidents is linked to generative AI.
Another found that almost a quarter of 8,000 firms surveyed worldwide gave their staff unrestricted access to publicly available AI tools.
That puts confidential data such as meeting notes, disciplinary reports or financial records 'at serious risk' that 'could lead employees to inadvertently propagate threats', a report from technology giant Cisco said.
'It's like the invention of the internet – it's just arrived and it's the future – but we don't understand what we are giving to these systems and what's happening behind the scenes at the back end,' said Cisco cyber threat expert Martin Lee.
One of the most high-profile cybersecurity 'own-goals' in recent years was scored by South Korean group Samsung. The consumer electronics giant banned employees from using popular chatbots like ChatGPT after discovering in 2023 that one of its engineers had accidentally pasted secret code and meeting notes onto an AI platform.
Banks have also cracked down on the use of ChatGPT by staff amid concerns about the regulatory risks they face from sharing sensitive financial information. But as organisations put guardrails in place to keep their data secure, they also don't want to miss out on what may be a once-in-a-generation chance to steal a march on their rivals. 'We're seeing companies race ahead with AI implementation as a means of improving productivity and staying one step ahead of competitors,' said Ruben Miessen, co-founder of compliance software group Legalfly, whose clients include banks, insurers and asset managers.
'However, a real risk is that the lack of oversight and any internal framework is leaving client data and sensitive personal information potentially exposed,' he added.
The answer though, isn't to limit AI usage. 'It's about enabling it responsibly,' Miessen said.
Murphy added: 'You either say no to everything or figure out a plan to do it safely.
'Protecting sensitive data is not sexy, it's boring and time-consuming.' But unless adequate controls are put in place, 'you make a hacker's job extremely easy'.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
BBC News
an hour ago
- BBC News
Europe's freedom faces greatest 'threat' since WW2, says Macron
French President Emmanuel Macron has outlined plans for a big increase in defence spending, warning Europe's liberty is facing a "greater threat" than at any time since the end of World War a speech to the armed forces in Paris, he said "we are living in a pivotal moment" due to complex called for France's defence spending to rise by €3.5bn (£3bn) next year and then by a further €3bn in the threat from Russia, he denounced "imperialist policies" and "annexing powers". Fighting has raged since Moscow launched its full scale invasion of Ukraine in February 2022. Macron pledged to double France's military budget by 2027, three years earlier than originally planned. In 2017, his country's defence budget stood at €32bn and under the plans would rise to €64bn in two years time. The proposals still need to be approved by the French government."To be free in this world, you must be feared. To be feared, you must be powerful," he said in the speech, which fell on the eve of Bastille said the world was witnessing the return of nuclear power and the "proliferation of major conflicts". He also referenced the US bombing of Iran, fighting between India and Pakistan and what he called the "ups and downs in American support for Ukraine".Last month, Nato members agreed to commit to spending 5% of GDP annually on defence, up from the previous target of 2%. The UK also announced its own defence review, with Defence Secretary John Healey saying it would send a "message to Moscow".On Friday, the head of the French army, Thierry Burkhard, said Russia saw France as its "main adversary in Europe".Russia posed a "durable" threat to Europe, Burkhard said, adding that the "rank of European countries in tomorrow's world" was being decided in Prime Minister Francois Bayrou is expected to outline next year's budget on Thursday.
Reuters
an hour ago
- Reuters
Wealth funds warm to active management - and China - to weather volatility, report shows
LONDON, July 14 (Reuters) - The world's sovereign wealth funds are turning to active fund management and investments in China, while central banks are diversifying reserves to weather a volatile global environment, an Invesco survey of sovereign funds and central banks managing $27 trillion in assets showed. Still, the dollar reigns supreme, with the bulk of central banks saying it would take two decades to dethrone it - if ever - as the top reserve currency despite growing concerns. "Institutions with greater than $100 billion - so the pretty large institutions - those are the ones that were most interested in moving more to active management," said Rod Ringrow, Invesco's head of official institutions. Whereas funds liked passive management in predictable market conditions, predictable was "no longer the case," he added. "I think that frames the whole approach... in this move to active management." On average, wealth funds made returns of 9.4% last year, the joint second-best performance in the survey's history. Nevertheless, market volatility and de-globalisation concerns have spiked - and over the 10-year horizon, big worries centre around climate change and rising sovereign debt levels. Over 70% of the 58 central banks polled for example now believe rising U.S. debt is negatively impacting the dollar's long-term outlook. Nevertheless, 78% think it will take more than two decades for a credible alternative to the greenback to emerge. That is a jump from 58% last year while just 11% of central banks now view the euro as gaining ground compared to 20% last year. The survey was carried out between January and March - before U.S. President Donald Trump's "Liberation Day" tariff announcements and at the peak of excitement around DeepSeek AI's emergence in China. Wealth funds are seeing a major resurgence in interest in Chinese assets with nearly 60% intending to increase allocations there in the coming five years, specifically the tech sector. That number jumps to 73% in North America despite the worsening U.S.-Sino tensions, whereas in Europe it sits at just 13%. Wealth funds, the survey said, were now approaching China's innovation-driven sectors with the "strategic urgency they once directed toward Silicon Valley." "There's a little bit of a FOMO," Ringrow explained, a view that "I need to be in China now" as it shapes up to be a global leader in semiconductors, cloud computing, artificial intelligence, electric vehicles and renewable energy. Private credit has also emerged as a key focus for funds seeking alternative sources of income and resilience. It is now adopted by 73% of wealth funds, up from 65% last year, and with half actively increasing allocations. "This represents one of the most decisive trends in sovereign asset allocation," the report said. There is also growing interest, especially among emerging market wealth funds, in stablecoins - a type of cryptocurrency that is most commonly pegged 1:1 to the dollar. Almost half of funds said stablecoins were the type of digital assets they were inclined to invest in, although that was still behind the likes of bitcoin, where the share was 75%.
Times
an hour ago
- Times
The businesses using journalists to protect their reputation
A t the height of the pandemic, two journalists working at Dow Jones decided to use skills honed over years of reporting to address a novel but growing challenge facing businesses — reputational risk. Justin Williams, a former editorial executive at The Daily Telegraph, and Sophie Elsworthy, a journalist and former elite athlete, founded InsightX in 2020 as lockdown shuttered businesses. The London-based agency has taken a novel approach to due diligence, using investigative journalism to treat every target, whether it be a sponsor, celebrity or supplier, as a potential front-page story. In doing so, it is addressing the growing issues of reputational contagion, a new type of risk that is increasingly occupying decision-makers at big corporations and brands, alongside more prosaic concerns about solvency that have commonly formed the bulk of due diligence work.
