Work With AI Securely

How does artificial intelligence work?

AI systems like ChatGPT can be roughly described as "sentence completers." They are fed a variety of data, including web pages, books, online forums, and social media. This data is analyzed and broken down into individual fragments, such as words or even chunks of words. Using all this input data, the computer system creates statistical patterns and calculates the probability of which word should follow next.

A question such as "What color is snow?" is therefore not a real question for an AI system, to which it has a fixed answer. Rather, the system recognizes the beginning of a sentence and completes it based on statistical patterns and probabilities. For example, the most likely next word for the sentence "What color is snow?" would be "snow," followed by "is" and "white."

To us, that may look like an answer. But to the AI, it's just the most likely completion of the sentence based on the data it's been fed.

AI is continually being trained as well. If users provide feedback that an answer is not perfect, for example because snow can be other colors (such as slushy gray), the probabilities for the next word change and the sentence may be completed to "snow is usually white." In this way, the AI "learns".

So what does this mean for information in everyday work?

Artificial intelligence will positively impact our everyday work, especially when it comes down to finding answers to standardized questions. However, we should never blindly trust the answers. After all, ChatGPT and the like can only output the probabilities for the next words. For example, if the topic "color of snow" was not previously included in the database and someone feeds the input "snow is blue" several times, the AI would complete the sentence just as naturally reuslting in the answer "Snow is blue". After all, this word combination would have the highest probability. So an AI works well for queries that have already been in the database countless times, but not necessarily for new of niche topics.

Please remember: an AI processes every interaction and every newly added word and integrates it into its following calculations and uses the input to expand its database. This is how machine learning works. Therefore, we should never feed public AI systems with sensitive information such as confidential documents, special software snippets, personal or customer data etc. All the data you enter will be processed and possibly integrated into future outputs. This could leak confidential information or personal data to the public. Therefore, please use AI systems with caution.

How to use AI securely

Beware of fake plug-ins and apps – don't trust software from the internet!

Artificial intelligence naturally not only offers diverse opportunities and advantages for companies, but also for criminals who are taking advantage of the hype surrounding AI.

• For weeks, there was a fake ChatGPT plug-in on the Google Webstore that stole Facebook credentials. It was even displayed as an ad in search results via Google Ads and downloaded millions of times before it was removed.
• Other criminals offered a ChatGPT desktop app for Windows on the Internet. Those who installed it installed malware that spied on credentials.

This is precisely why the same principle applies in cyber security with regard to artificial intelligence: In most companies, you are not allowed to download software from the Internet on your own. In your private life, too, make sure that you only install software from reputable sources and read appropriate reviews beforehand.

Tips for users: how to use AI systems securely

Treat freely available AI systems like public cloud systems as you would social media. Any of your input can end up as output to someone else. Therefore:

• Do not feed confidential information to ChatGPT or other AI systems.
• Do not give personal data such as names, health data or images as examples, neither from you, nor from customers or other persons.
• Don't upload process flows, network diagrams or code snippets from software. The next user may get your network plan as ChatGPT output.
   

Don't blindly trust the answers given out by the AI.

While these are often correct, they can also be:

• simply wrong, even though they sound legitimate
• outdated. ChatGPT has long worked with a database from 2021. For many other systems, the exact database is not even known at all.
• biased because the input data was also biased. One example: An AI will very likely give you a middle-aged white man as the answer to the question "who is suitable as a manager in the company". Not because this type of person has the best qualifications, but by far the highest probability.

Tips for security professionals: how to raise awareness among employees

AI will conquer the working world and is already in the midst of doing so.

That's why you should provide company-wide training on the topic of "using AI securely" and raise awareness of it:

• Create guidelines for the use of AI systems. Employees need to know what they are allowed or prohibited to do in relation to AI.
• Train and educate employees, through e-learning nuggets or intranet content. This is essential for them to not only understand how to use AI, but also properly assess the associated risks and have best security practices to fall back on at all times.
• Use the momentum to communicate other security-related topics (e.g. protection of personal data). Webinars on AI have zillions of times higher registration rates than webinars on data protection 😁.
   

In our protected demo area, you will find a cyber security training course on artificial intelligence designed by our security experts. This allows you to train your employees in the secure use of artificial intelligence.