ChatGPT Shared Links and Information Protection: Risks and Measures Organizations Must Understand

This feature has found extensive use across social media platforms, where users share interesting conversations with ChatGPT.

We discovered cases of unintentional disclosure of sensitive information, including personal data, through these shared links — for example, individuals using ChatGPT for resume reviews.

While this might be an effective use of ChatGPT, sharing these interactions publicly raises certain concerns. For individuals, the extent of shared information might be a matter of personal discretion. However, what if an employee inadvertently shares work-related information? This scenario goes beyond individual responsibility and brings the entire organization’s accountability into question.

We’ve been able to unearth instances in which employees inadvertently exposed sensitive organizational information. The following screenshots are case studies that are based on real events, with certain details modified to ensure anonymity and prevent information leaks. Note that these are not the actual ChatGPT prompts but recreations (hence the different look).

While these examples demonstrate interesting uses of ChatGPT, it raises questions on the necessity of publicizing them via shared links. Although the intention may have been to share these with select colleagues, the content becomes accessible to anyone with the link (who can therefore access any of the information shown in the link).

This could lead to the shared URL ending up in the wrong hands or being reproduced elsewhere. Therefore, it is important to keep in mind that if the information that is to be shared with specific people is sensitive and could cause issues if made public, it should not be done so using the shared link feature.

To mitigate these risks, both individuals and organizations should consider the following when using ChatGPT’s Shared Links feature:

Risk awareness: Understand the inherent risks involved with the feature: anyone with the shared link URL can access its content. Users should also be aware that links can end up with unintended parties for various reasons.

Policies and guidelines: Establish clear policies and guidelines around what information can be entered into ChatGPT and what should be avoided. This should include guidelines on using the Shared Link feature and other necessary precautions.

Education and training: Regular training on information security can help raise awareness among employees and prevent information leakage. Training should include specific risk scenarios and lessons from real cases.

Monitoring and response: Consider technologies such as URL filtering and confidential information transmission detection for proactive monitoring and adherence to established policies and guidelines. A swift response is necessary in case of inappropriate access or leaked information.

In this article, we’ve discussed ChatGPT’s shared link feature, its inherent risks, and the necessary precautions needed to ensure user safety. In an era where AI technology adoption directly impacts corporate competitiveness, it’s essential to understand and manage such features to adequately protect information. By doing so, organizations can harness the benefits of AI while efficiently mitigating information leakage risks.