Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireSecurity & Business ResilienceCybersecurity News

Cybersecurity leaders reflect on Samsung, ChatGPT incidents

By Rachelle Blair-Frasier, Editor in Chief
ChatGPT-on-laptop.jpg

Image via Unsplash

April 17, 2023

People have been using the popular AI chatbot ChatGPT, developed by OpenAI, to help with everything from writing emails, term papers to finding bug fixes in code. That last one is what has gotten a few Samsung employees in hot water.

Earlier this month it was reported by The Economist Korea that there were three incidents of entering Samsung Electronics corporate information into ChatGPT. In one incident an employee entered problematic source code and asked for a solution. Another employee entered program code and requested code optimization. A third employee submitted meeting contents in order to prepare meeting minutes.

After the incidents were discovered, company executives and employees were notified and urged to be careful using ChatGPT because once data is put onto Open AI’s external servers it is impossible for Samsung to retrieve or delete it. Samsun Electronics is looking to protective measures to prevent future information leaks. However, if it happens again access to ChatGPT may be blocked.

Cybersecurity leaders weigh in

“This incident isn't actually that surprising. People see ChatGPT as a useful tool, which it is, but forget that anything they share with it is shared with it and also all its users. So any proprietary, or even mildly sensitive, or personal, information needs to be scrubbed from interactions with the bot,” said Mike Parkin, Senior Technical Engineer at Vulcan Cyber. “While it's possible for companies to safely deploy tools that leverage the GPT engine in ways that replicate ChatGPT, they have to do it on their own instances where the data's not shared outside the organization.”

Parkin said the incidents at Samsung are an example of people failing Risk Management 101 by exposing sensitive information on an insecure channel.

“ChatGPT can be great for a lot of things, but people need to stop pretending that it's confidential or secure. It's not,” he said. “It's not an evil monster that'll destroy the world, but that doesn't mean it can't do some damage when you feed it information it really shouldn't have.”

“ChatGPT is probably the most exciting thing to come out in recent times,” said Bugcrowd Founder and CTO Casey Ellis. “The unfortunate downside is that an excited user is often also a less cautious one, and one that is more likely to make privacy and security related mistakes, both personally, and on behalf of their employers.”

Ellis said similar behaviors occurred with tools like Github, Stack Overflow, Reddit, and even search engines.

“This isn’t a new phenomenon in human behavior,” Ellis said. “With that in mind, I think it’s wise for security leaders to apply the idea of ‘building it like it’s broken’ and presuming that, at least somewhere inside their organization, incidents like the one at Samsung will take place. In terms of prevention, user awareness training is pretty valuable in these early stages, and I imagine that a fresh look at access controls will be on the radar of many organizations over the coming months.”

“As a general rule, if you wouldn’t share the content you’re typing into ChatGPT with someone who works for your company’s direct competitor, then do not share it with ChatGPT,” said Melissa Bischoping Director of Endpoint Security Research at Tanium. “Even if you think the data you’re sharing may be generic and non-damaging, you should review any relevant policies with your legal and compliance teams to clear up any doubt. Companies have rapidly started rolling out acceptable use policies for AI/ML tooling if they didn’t have them already, so leaders should prioritize education, Q&A, and crystal-clear understanding of the risk and limitations.”   

Bischoping said the issue with sharing data with ChatGPT is that the creators can see all the data entered and use it as the model continues to train and grow. In addition, once the information is part of the next model, it could be possible for the AI to give the information to another party.

“As organizations want to enable use of powerful tools like ChatGPT, they should explore options that allow them to leverage a privately trained model so their valuable data is only used by their model, and not leveraged by iterations on training for the next publicly available model,” Bischoping continued. “Large language models are not going anywhere, but with great power comes great responsibility.   Educate employees on what information is highly sensitive, how to treat that data in regards to humans or computer systems, and consider investing in a non-public model to use for your intellectual property’s protection.”

KEYWORDS: artificial intelligence (AI) cyber incident data breach employee training optimization proprietary information

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Rachelle blairfrasier headshot white

Rachelle Blair-Frasier is Security magazine’s Editor in Chief. Blair-Frasier handles eMagazine features, as well as writes and publishes online news and web exclusives on topics including physical security, risk management, cybersecurity and emerging industry trends. She helps coordinate multimedia content and manages Security magazine's social media presence, in addition to working with security leaders to publish industry insights. Blair-Frasier brings more than 15 years of journalism and B2B writing and editorial experience to the role.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • white house behind trees

    Biden-⁠Harris announce key AI actions following landmark executive order

    See More
  • Cybersecurity hand graphic

    Security leaders discuss new SEC disclosure rule as deadline nears

    See More
  • Digital dollar concepts

    Emerging Cyber Threats in a Rapidly Evolving Landscape

    See More

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing