12 comments

[ 3.9 ms ] story [ 32.6 ms ] thread
Well yeah, how else are you supposed to use it to do your work for you?
Who needs corporate espionage when employees are literally Ctrl+C, Ctrl+V-ing company secrets into a publicly accessible chatbot? We've automated the data breach.
That sounds like a management friendly business opportunity. Sell corporate accounts that allow uploading DLP data loss prevention rules. Someone uploads your company secrets ChatGPT makes a snarky reply to the person and sends the data to /dev/null. I could suggest even more dystopian measures like ChatGPT using an HR API to automate off-boarding after repeated incidents. Or companies could get their data-scientists big-data teams to write code in-house to do the same thing employees are trying to get ChatGPT to do for them.
This is a more general problem: people will sign up for, install, and provide data to just about anything that promises to be useful.
I know of a CTO who did this right after his org rolled out rules against it... and then he asked and IT said it was fine...
I've been urging my friend to be the hero and set up Sonnet 4.5/Qwen3 235B/Deepseek R1/V3 on AWS Bedrock and allow employees to point their IDEs and chatbots to their endpoint and dont let the data leave their cloud. They are priced the same as their public counterparts.
With so many recent leadership hires / acquire hires with Facebook Growth Team backgrounds, ya’ll are naive if you think OpenAI _isn’t_ using this business data for their own means…and/or intends to lean more heavily into this direction

Ex: if you’re a Statsig user, OpenAI now knows every feature you are releasing, content you produce, telemetry, etc.

On the one hand I hear time and time again: it's not the idea, it's the implementation that matters.

On the other hand, people freak out about uploading secrets to a tool/platform.

Are these secrets REALLY that 'cornerstone' to the survivability of the company, or is it maybe just a <little> wishful thinking from smaller companies convincing themselves they've made some sort of secret sauce?

so, i can have auto-completion of my api-key ?
At some level this just puts a huge burden on OpenAI. Because ChatGPT is so widely used, if something leaks everyone might put the blame predominantly on OpenAI rather than all the employees using it (disclaimer in case my employer is reading; I don't paste secrets into ChatGPT :P).
No, I don't believe this. Every corporate employee I know places the security and privacy of corporate assets as paramount. I can't believe anyone would subvert security controls to make their jobs easier. In case you couldn't tell, that was sarcasm.
Meanwhile companies exist that have built essentially layers in front of chatbots, masking or filtering sensitive data, then forwarding the masked query, then unmasking it when giving back to the user(e.g. https://www.liminal.ai/ ).

Ideally you shouldn't paste sensitive information into the chat in first place. But when such companies can guarantee certain compliance types, it might be better to offer this rather than letting people use chats uncontrolled in companies.