Businesses using ExtraHop’s Reveal(x) 360 can now gain visibility into employees’ use of generative AI tools, thanks to the latest update to the network detection and response (NDR) platform.
The cyber security provider said the functionality will better protect organizations against accidental misuse of AI tools, such as OpenAI ChatGPT, helping them to better understand their risk exposure and whether AI tools are being used in compliance with AI policies.
The move comes at a time when generative AI and AI as a service (AIaaS) tools are being increasingly adopted across the enterprise in a bid to boost productivity.
However, despite its benefits, ExtraHop CEO Patrick Dennis said customers have “expressed a real concern” about employees sending proprietary data and other sensitive information into AI services.
“Until today, there has been no good way to assess the scope of this problem,” he said. “Amid the proliferation of AIaaS, it’s extremely important that we give customers the tools they need to see what is happening across the network, what data is being shared, and what could be at risk.
“With this new capability, our goal is to ensure that they can reap the wide-ranging benefits of generative AI while still maintaining data protections.”
AIaaS and generative AI tools have skyrocketed in recent times as users get to grips with the new technology.
Since its release in November last year, OpenAI’s ChatGPT alone has gone on to amass more than 1 billion users.
AI and cyber security
The promise and truth of the AI security revolution
The key issues for organizations that implement these new AIaaS tools revolve around data leaks and intellectual property (IP) risk as employees input potentially sensitive and confidential information into them.
Once proprietary information has been shared, the service will continue to use that data to process future requests from other users, with the AI being unlikely to understand the effects of re-using the data to which it has access.
Reveal(x)’s new functionality works by providing organizations with visibility into the devices and users on their network that are connecting to external AIaaS domains, as well as information on how much data is being shared with these services.
In some cases, the offering can also detail the type of data and individual files that are being shared.
The platform can do this through its use of network packets as the primary data source for monitoring and analysis, the firm said.
By using a real-time processor, it turns unstructured packets into structured wire data and analyzes payloads and content from OSI Layer 2-7 for complete network visibility.
“ExtraHop believes the productivity benefits of these tools outweigh the data exposure risks, provided organizations understand how these services will use their data (and how long they’ll retain it),” the company said in a blog post.
“And provided organizations not only implement policies governing use of these services but also have a control like Reveal(x) in place that allows them to assess policy compliance and spot risks in real time.”
