The Largest Data Leak in History Is Happening Right Under Our Noses

In today’s hyper-connected workplace, the rise of tools like ChatGPT, Google Bard, and other large language models (LLMs) is creating a seismic shift in how we work. These tools are not just a passing trend; they represent the future of productivity. However, many organizations are responding to this shift with outdated policies and unrealistic expectations, inadvertently creating what may become the largest security vulnerability in their history.

The Problem with Relying on the "Human Firewall"

Many companies are relying on what’s commonly referred to as the "human firewall," enforcing policies that prohibit employees from using tools like ChatGPT. While the intention behind these policies is clear—to protect sensitive information—the reality is much more complex. Expecting employees to follow blanket rules without considering the powerful draw of these tools is, quite frankly, delusional.

The Irresistible Utility of Large Language Models

ChatGPT is an incredibly useful tool for office workers across disciplines. It can help brainstorm new ideas, refine professional writing, and exponentially speed up research tasks. Whether you’re in programming, marketing, or any role requiring long hours in front of a computer, the benefits are undeniable.

This utility creates a paradox. On one hand, employees are instructed not to use these tools. On the other, they know these tools can help them do their jobs better and faster. The result? Employees are circumventing company policies, putting sensitive data into LLMs from work computers, personal devices, or even home networks.

Why Your Policies Aren't Enough

While web content filtering tools can slow down the trickle of data, they’re far from foolproof. Employees are uploading everything from source code and customer intelligence to financial models into these platforms. Even if it violates your stated policies, the temptation is simply too strong to resist.

The real danger lies in how these platforms handle your data. By default, even in paid versions of tools like ChatGPT, user inputs are used to train their models. It’s unlikely that every one of your employees is proactively turning off the “Improve the model for anyone” setting. Even if they do, can you truly trust that these tech companies, already embroiled in lawsuits over copyright violations, are adhering to these settings perfectly?

The Consequences of Inaction

If your intellectual property—be it source code, company secrets, regulated data like PII, PCI, or other sensitive information—is being uploaded to these systems, it’s at risk. While extracting data from LLMs is challenging, it’s not impossible. And the implications of such leaks are devastating: competitors gaining an edge, customers losing trust, and regulators imposing hefty fines.

The Path Forward: AI Enablement, Not Prohibition

So, what should you do? The answer lies in embracing, not banning, these tools—but doing so responsibly. Here’s how:

1. Enable Controlled Use: Use your cybersecurity and privacy programs to enable employees to use these tools safely. This means purchasing and rolling out the controllable, enterprise versions of ChatGPT, Microsoft Copilot, or Anthropic.
2. Implement Strong Data Governance: Enable your employees by providing govened access from vendors like RecordPoint to the data they need, while filtering out any sensitive information that does not belong on the public internet.
3. Deploy AI Firewalls: Set up LLM Digitial Loss Prevention measures from vendors like Nightfall AI to prevent sensitive data from leaking into these systems. Tools that monitor and restrict unauthorized uploads are crucial, but keep in mind that this is secondary to good LLM data enablement. If the data is easily available to your employees they won't be tempted to try and upload their own.
4. Monitor AI Usage: Use tools like Truyo to identify what AI models are being used within your organization and across SaaS platforms. This provides a clearer picture of your risk landscape.
5. Manage Custom AI Models: If your organization is building its own AI models, ensure they are monitored and understood. Make sure they’re trained with properly governed data and comply with internal and external regulations.

Protecting Your IP in an AI-Driven World

Prohibiting the use of LLMs is not a viable long-term strategy. AI enablement, coupled with strong governance and monitoring, is the way forward. By giving employees the tools and frameworks to use these systems responsibly, you not only mitigate risks but also harness the transformative potential of AI.

The largest data leak in history doesn’t have to happen in your organization. Take action now to protect your intellectual property and regulated data while enabling your workforce to thrive in the age of AI.