Last year\u2019s explosive growth in AI applications, services, and plug-ins looks set to only accelerate. From office applications and image editors to integrated development environments (IDEs) such as Visual Studio\u00a0\u2014 AI is being added to familiar and long-used tools. Plenty of developers are creating thousands of new apps that tap the largest AI models. However, no one in this race has yet been able to solve the inherent security issues, first and foremost the minimizing of confidential data leaks, and also the level of account\/device hacking through various AI tools \u2014 let alone create proper safeguards against a futuristic \u201cevil AI\u201d. Until someone comes up with an off-the-shelf solution for protecting the users of AI assistants, you\u2019ll have to pick up a few skills and help yourself.<\/p>\n
So, how do you use AI without regretting it later?<\/p>\n
The privacy policy of OpenAI<\/a>, the developer of ChatGPT, unequivocally states that any dialogs with the chatbot are saved and can be used for a number of purposes. First, these are solving technical issues and preventing terms-of-service violations: in case someone gets an idea to generate inappropriate content. Who would have thought it, right? In that case, chats may even be reviewed by a human. Second, the data may be used for training new GPT versions and making other product \u201cimprovements\u201d.<\/p>\n Most other popular language models \u2014 be it Google\u2019s Gemini, Anthropic\u2019s Claude, DeepSeek or Microsoft\u2019s Bing and Copilot \u2014 have similar policies: they can all save dialogs in their entirety.<\/p>\n That said, inadvertent chat leaks have already occurred<\/a> due to software bugs, with users seeing other people\u2019s conversations instead of their own. The use of this data for training could also lead to a data leak from a pre-trained model<\/a>: the AI assistant might give your information to someone if it believes it to be relevant for the response. Information security experts have even designed multiple attacks (one<\/a>, two<\/a>, three<\/a>) aimed at stealing dialogs, and they\u2019re unlikely to stop there.<\/p>\n So, remember: anything you write to a chatbot can be used against you. We recommend taking precautions when talking to AI.<\/p>\n Don\u2019t send any personal data to a chatbot. <\/strong>No passwords, passport or bank card numbers, addresses, telephone numbers, names, or other personal data that belongs to you, your company, or your customers must end up in chats with an AI. You can replace these with asterisks or \u201cREDACTED\u201d in your request.<\/p>\n Don\u2019t upload any documents. <\/strong>Numerous plug-ins and add-ons let you use chatbots for document processing. There might be a strong temptation to upload a work document to, say, get an executive summary. However, by carelessly uploading of a multi-page document, you risk leaking confidential data<\/a>, intellectual property, or a commercial secret such as the release date of a new product or the entire team\u2019s payroll. Or, worse than that, when processing documents received from external sources, you might be targeted with an attack<\/a> that counts on the document being scanned by a language model.<\/p>\n Use privacy settings.<\/strong> Carefully review your large-language-model (LLM) vendor\u2019s privacy policy and available settings: these can normally be leveraged to minimize tracking. For example, OpenAI products let you disable saving of chat history. In that case, data will be removed after 30 days and never used for training. Those who use API, third-party apps, or services to access OpenAI solutions have that setting enabled by default.<\/p>\n Sending code? Clean up any confidential data.<\/strong> This tip goes out to those software engineers who use AI assistants for reviewing and improving their code: remove any API keys, server addresses, or any other information that could give away the structure of the application or the server configuration.<\/p>\n Follow the above tips every time \u2014 no matter what popular AI assistant you\u2019re using. However, even this may not be sufficient to ensure privacy. The use of ChatGPT plug-ins, Gemini extensions, or separate add-on applications gives rise to new types of threats.<\/p>\n First, your chat history may now be stored not only on Google or OpenAI servers but also on servers belonging to the third party that supports the plug-in or add-on, as well as in unlikely corners of your computer or smartphone.<\/p>\n Second, most plug-ins draw information from external sources: web searches, your Gmail inbox, or personal notes from services such as Notion, Jupyter, or Evernote. As a result, any of your data from those services may also end up on the servers where the plug-in or the language model itself is running. An integration like that may carry significant risks: for example, consider this attack that creates new GitHub repositories on behalf of the user<\/a>.<\/p>\n Third, the publication and verification of plug-ins for AI assistants are currently a much less orderly process than, say, app-screening in the App Store or Google Play. Therefore, your chances of encountering a poorly working, badly written, buggy, or even plain malicious plug-in are fairly high \u2014 all the more so because it seems no one really checks<\/a> the creators or their contacts.<\/p>\n How do you mitigate these risks? Our key tip here is to give it some time. The plug-in ecosystem is too young, the publication and support processes aren\u2019t smooth enough, and the creators themselves don\u2019t always take care to design plug-ins properly or comply with information security requirements. This whole ecosystem needs more time to mature and become securer and more reliable.<\/p>\n Besides, the value that many plug-ins and add-ons add to the stock ChatGPT version is minimal: minor UI tweaks and \u201csystem prompt\u201d templates that customize the assistant for a specific task (\u201cAct as a high-school physics teacher\u2026\u201d). These wrappers certainly aren\u2019t worth trusting with your data, as you can accomplish the task just fine without them.<\/p>\n If you do need certain plug-in features right here and now, try to take maximum precautions available before using them.<\/p>\n So far, we\u2019ve been discussing risks relating to data leaks; but this isn\u2019t the only potential issue when using AI. Many plug-ins are capable of performing specific actions at the user\u2019s command \u2014 such as ordering airline tickets. These tools provide malicious actors with a new attack vector: the victim is presented with a document, web page, video, or even an image that contains concealed instructions for the language model in addition to the main content. If the victim feeds the document or link to a chatbot, the latter will execute the malicious instructions \u2014 for example, by buying tickets with the victim\u2019s money. This type of attack is referred to as prompt injection<\/a>, and although the developers of various LLMs are trying to develop a safeguard against this threat, no one has managed it \u2014 and perhaps never will.<\/p>\nLimit the use of third-party applications and plug-ins<\/h2>\n
\n
Execution plug-ins call for special monitoring<\/h2>\n