Generative AI Content Control in Umbrella SWG DLP
Since ChatGPT’s inception in November of 2022, awareness and adoption of Artificial Intelligence (AI) for individuals ...
Tina Cline
Mar 2, 2024
Since ChatGPT’s inception in November of 2022, awareness and adoption of Artificial Intelligence (AI) for individuals in all professions, from Engineers to Marketing Professionals to Small Business Owners, has increased exponentially.
While AI can greatly enhance and assist businesses in productivity, such as assisting users with blueprints and outlines to help them get started on large projects, and OpEx, such as eliminating the need to hire a dedicated blogger or advertising specialist to promote the company, AI can also pose substantial risks to the organization if not utilized properly.
Artificial intelligence (AI) refers to the simulation of human intelligence programmed into machines which enabled them to think and mimic human actions.
These machines are designed to perform tasks that typically require human intelligence, such as visual perception, speech recognition, decision-making, and language translation. AI technologies also include machine leaning, which allows machines to learn and improve over time without needing to be programmed to do so.
What is Generative AI (GenAI)?
Generative Artificial Intelligence (GenAI) refers to a class of artificial intelligence algorithms and models that can generate new, original content such as images, text, audio, and video. GenAI was designed to understand and replicate patterns in data, enabling them to create new examples that are like the data that they were trained on.
Generative AI is often used in creative applications, such as art generation, music composition, and content creation, as well as in more practical applications like data synthesis and augmentation.
Generative AI allows for the ability to create content, whereas Conversational AI focuses on creating a conversational experience, and is typically utilized for applications such as chatbots and virtual assistants.
Chat GPT
Popular Generative AI application ChatGPT can be categorized within both AI categories, as it has both conversational aspects, as well as the ability to generate new content, code, etc.
ChatGPT is an advanced AI chatbot developed by OpenAI which utilizes cutting-edge Natural Language Processing (NLP) model that uses a neural network architecture to provide responses.
Or, in other words, Chat GPT can answer questions without being told what the answer is by utilizing its own intellect.
Chat CPT is also able to perform actions that may assist businesses in reducing “human error,” such as the ability to proofread code, search code for bugs, and provide sample code structures for various code languages.
Potential Risks in Utilizing GenAI
While utilizing Generative AI solutions, such as Chat GPT or Google Gemini can increase productivity, Allow for rapid content creation, increase efficiency, and reduce OpEx in organizations, it can also pose various threats to users and organizations.
These issues include, but are not limited to:
- Data Privacy and Sensitive Data Issues: Generative models that have been trained or utilize sensitive data may unintentionally reveal private information if the generated outputs contain details from the training data.
- Model Manipulation: As with any data source, the modeling in Generative AI can be infiltrated. For instance, hackers could manipulate models to generate malicious content, such as fake news, forged images, literature, or code.
- Inconsistent Quality of Results: If AI is not as familiar with, or if limited data exists or hasn’t been recently updated around the topic, it could generate low-quality results.
- Model Security: Like any AI model, generative models could be vulnerable to attacks. For example, small issues added to input data can lead to significant changes in the GenAI’s output.
- Unintentional Bias: Generative models may inherit biases present in the training data, leading to unintentional bias in data outputs.
- Intellectual Property Infringement: There are concerns about the potential misuse of generative models to create counterfeit products, infringe copyright data, incorrect or inaccurate info, generate faulty code, etc.
- Ethical Issues in Generated Content: Generated content could be used to deceive or manipulate individuals, leading to social engineering attacks or misinformation campaigns.
- Lack of “Human Touch” in responses: Lack of human characteristics that typically make content memorable and meaningful, such as cadence, personality, voice and humor.
Addressing GenAI security requires a combination of technical solutions, as well as implementing policy and regulatory measures to ensure the responsible use of Generative AI technologies.
Generative AI Capabilities in Cisco Umbrella Secure Web Gateway
Umbrella’s CASB Data Loss Prevention (DLP) solution within the Umbrella Secure Web Gateway allows the uncovering of Shadow IT, as well as Application Risk Insight, by enabling enhanced visibility around the applications that are being utilized within the organization, as well as their weighted risk score.
Umbrella SWG offers two types of DLP:
• Real time DLP: Scans, inspects, and blocks user requests in real-time
• SaaS API DLP: Scans Data-At-Rest in cloud platforms, such as Webex or 0365 for DLP controls, such as PII data
Within Umbrella’s SWG Application capabilities, organizations are also able to discover, assess, and block ChatGPT Usage.
Organizations have two options available to control the use of ChatGPT:
1) Block/Allow access entirely for users or groups of users to the ChatGPT Web App via a content category in DNS Security
2) Control and enforce safe ChatGPT usage via DLP policy in Umbrella Secure Web Gateway (SWG)
Additionally, Umbrella SWG DLP is able to monitor GenerativeAI uploaded information as well as generated outputs, with the ability to block both inbound and outbound data.
How it works:
- Umbrella scans ChatGPT responses using Real-time DLP policy, which means that Umbrella can inspect a user’s request in real-time and block the request
- Real-Time DLP scans outbound traffic, such as ChatGPT prompts, to prevent sensitive date leakage
- Inbound traffic for ChatGPT can also be scanned, if desired, allowing for the control of the type of data that is submitted to the app
- Umbrella also allows for the scanning of ChatGPT responses for any type of generated content they may wish to monitor or block
The granularity of control that Umbrella allows around GenerativeAI empowers security teams to allow application access and usage to boost productivity, while also ensuring safe access for both the organization and its users.