Samsung bans staff AI use over data leak concerns

Samsung has reportedly banned employee use of generative AI tools like ChatGPT in a bid to stop transmission of sensitive internal data to external servers.

The South Korean electronics giant issued a memo to a key division, notifying employees not to use AI tools, according to a report by Bloomberg, which said it reviewed the memo. Bloomberg did not report which division received the memo.

In addition, employees using ChatGPT and other AI tools on personal devices were warned to not upload company related data or other information that could compromise the company’s intellectual property. Doing so, the memo said, could result in employment termination.

The memo expressed concerns over inputting data such as sensitive code on AI platforms. The worry is that anything that is typed onto an AI tool like ChatGPT will then reside on external servers, which makes retrieving and deleting them very difficult, and also potentially making them accessible by other users.

“Interest in generative AI platforms such as ChatGPT has been growing internally and externally,” the memo said. “While this interest focuses on the usefulness and efficiency of these platforms, there are also growing concerns about security risks presented by generative AI.”

The memo comes in the wake of a March notification by Microsoft-backed OpenAI, the creator of ChatGPT, that a bug in an open-source library — since fixed — allowed some ChatGPT users to see titles from another active user’s chat history.

Samsung’s ban on the tool also comes a month after an internal survey it conducted to understand the security risks associated with AI. About 65% of employees surveyed said ChatGPT posed serious security threats. In addition, in April, Samsung engineers “accidentally leaked internal source code by uploading it to ChatGPT,” according to the memo. The memo did not, however, reveal what the code was, precisely, and did not elaborate on whether the code was simply typed into ChatGPT, or whether it was also inspected by anyone external to Samsung.

Fearing the potential ChatGPT  and other AI systems to leak private data and spread false information, regulators have begun to consider restrictions on their use. The European Parliament, for instance, is days away from finalizing an AI Act, and the European Data Protection Board (EDPB) is assembling an AI task force, focusing on ChatGPT, to examine potential AI dangers.

Last month, Italy imposed privacy-based restrictions on ChatGPT and temporarily banned its operation in the country. OpenAI agreed to make changes requested by Italian regulators, after which it relaunched the service.

Companies that offer AI tools are starting to respond to concerns about privacy and data leakage. OpenAI last month announced that it would allow users to turn off the chat history feature for ChatGPT. The “history disabled” feature means that conversations marked as such won’t be used to train OpenAI’s underlying models, and won’t be displayed in the history sidebar, the comany said.

Samsung, meanwhile, is working on internal AI tools for translating and summarizing documents as well as for software development, according to media reports. It’s also working on ways to block the upload of sensitive company information to external services.

“HQ is reviewing security measures to create a secure environment for safely using generative AI to enhance employees’ productivity and efficiency,” the memo said. “However, until these measures are prepared, we are temporarily restricting the use of generative AI.”

With this move Samsung joins the expanding group of companies that have exercised some form of restriction on this disruptive technology. Among them are Wall Street banks including JPMorgan Chase, Bank of America, and CitiGroup.

http://www.computerworld.com/category/security/index.rss