ChatGPT use is increasing exponentially among enterprise users, who are using it to help with the writing process, to explore new topics, and to write code. But, users need to be careful about what information they submit to ChatGPT, because ChatGPT does not guarantee data security or confidentiality. Users should avoid submitting any sensitive information, including proprietary source code, passwords and keys, intellectual property, or regulated data. This blog post explores how well enterprise users are following this guidance.
Users posting sensitive data to ChatGPT
For the four-week period starting May 8, 2023 through June 4, 2023, Netskope Threat Labs tracked four different types of sensitive data posted to ChatGPT. Source code (mostly Python, Javascript, and Java) led the pack with 28 out of every 10k users submitting source code to ChatGPT. Intellectual property (as defined by organization DLP policies) came in second, with 22 out of every 10k users posting intellectual property. Passwords and keys came in third, followed by regulated data, mostly personally identifiable information (PII), financial data, and healthcare data.

Frequency of sensitive data posted to ChatGPT
For the same four-week period starting on May 8, 2023 through June 4, 2023, there were 461 incidents of sensitive data posted to ChatGPT per 10k enterprise users. Source code and intellectual property were posted most frequently, each with hundreds of posts per 10k enterprise users, while passwords and keys and regulated data were posted much less frequently, with only tens of posts per 10k enterprise users.

Habilitación segura de ChatGPT
Los clientes de Netskope pueden habilitar de forma segura el uso de ChatGPT con control de acceso a aplicaciones, asesoramiento de usuarios en tiempo real y protección de datos.
Acerca de este artículo de blog
Netskope proporciona protección de datos y frente a amenazas a millones de usuarios en todo el mundo. La información presentada en este artículo de blog se basa en datos de uso anonimizados recopilados por la plataforma Netskope Security Cloud relativos a un subconjunto de clientes de Netskope con autorización previa. Las estadísticas se basan en el periodo comprendido entre el 8 de mayo de 2023 y el 4 de junio de 2023. Las estadísticas son un reflejo tanto del comportamiento del usuario como de la política de la organización.
The stats presented in this blog post are based on more than 300,000 users in organizations that have implemented DLP policies to monitor and control what content users are posting to ChatGPT.