How Enterprise DLP Safeguards Against ChatGPT Data Leakage
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
How Enterprise DLP Safeguards Against ChatGPT Data Leakage
Learn more about how
Enterprise Data Loss Prevention (E-DLP)
safeguard your sensitive data from
exfiltration through ChatGPT.Learn more about using
Enterprise DLP
to prevent data exfiltration to ChatGPT.With the rise of generative Artificial Intelligence (AI), new Natural Language Processing
and Generation (NPL/NLG) interface-based apps have seen unprecedented adoption. ChatGPT
is a popular generative pre-trained transformer (GPT) language model application and
presents an ever increasing risk of exfiltration of sensitive data.
Palo Alto Networks
maintains its commitment to a holistic approach on data security. Enterprise Data Loss Prevention (E-DLP)
deployed on Panorama
managed firewalls, Prisma Access
(Panorama Managed)
, Prisma Access
(Cloud Management)
, and SaaS Security offers immediate prevention
of sensitive data exfiltration to AI apps like ChatGPT. Existing ChatGPT Traffic - Discovery
Before you use
Enterprise DLP
to prevent data exfiltration to ChatGPT, it is
important to understand by who and how often ChatGPT is accessed on your network.
Panorama
, Prisma Access
(Panorama Managed)
, Cloud Management
, and Next-Generation
CASB for Prisma Access and NGFW
allows users to monitor all egress activity and easily identify
new AI app usage by employees on your network. Panorama
Use the Unified Log View for
Panorama
managed firewalls and Panorama Managed
Prisma Access
.- Use the Unified Log View () to discover traffic to ChatGPT.MonitorLogsUnified
- ChatGPT traffic is captured through the App IDopenai-chatgptand can be found with the following filter query:(app eq openai-chatgpt)
Cloud Management
Use the Log Viewer for
Prisma Access
(Cloud Management)
and SaaS Security.- Use Log Viewer () to discover traffic to ChatGPT.ActivityLogsLogs Viewer
- ChatGPT traffic is captured through the App IDopenai-chatgptand can be found with the following app filter query:app = 'openai-chatgpt'

Next-Generation CASB
- Use the Discovered Apps () to discover traffic to ChatGPT.Discovered AppsApplications
- Add Filterto narrow down theCategorytoArtificial Intelligenceapplications andTagasUnknown.This filter allows you to narrow down all traffic to uncategorised AI applications on your network. Uncategorised applications display asunknownbut can be manually recategorized assanctioned,unsanctioned, ortoleratedonce the initial discovery is completed based on your organization's risk posture.
- Alternatively, you can search forChatGPTin theSearch Application Namesearch bar.

Block or Allow ChatGPT
How to Block ChatGPT
You can choose to block access to ChatGPT entirely using the App ID if the risk of
employees having access to ChatGPT messaging and API features is too high. For
Next-Generation
CASB for Prisma Access and NGFW
, you can block access to ChatGPT through the
Artificial Intelligence
category.- — Create an Application Block Rule to explicitly block traffic to ChatGPT.PanoramaThe application block rule applies to Panorama managed firewalls andPanorama Managed Prisma Access
- —In Discovered Apps (Cloud Management) and filter for ChatGPT to block access (ManageConfigurationSaaS SecurityDiscovered AppsApplications).ActionsBlock AccessAdditionally, you can selectto apply existing unsanctioned, tolerated, or sanctioned app policies for egress traffic to ChatGPT.ActionsTagThis applies toPrisma Access (Cloud Management)and SaaS Security.
- Next-Generation CASB—In Discovered Apps () and filter for ChatGPT to block access (VisibilityDiscovered AppsApplications).ActionsBlock AccessAdditionally, you can selectto apply existing unsanctioned, tolerated, or sanctioned app policies for egress traffic to ChatGPT.ActionsTag
Allow ChatGPT and Prevent Exfiltration of Sensitive Data
With
Enterprise DLP
you can create new or leverage existing data detection logic
for data sent to ChatGPT through chat or API. Enterprise DLP
can perform
in-line content inspection to identify and stop sensitive data loss to generative AI
apps such as ChatGPT without completely blocking access. This will allow your
employees to continue to access ChatGPT while ensuring no sensitive data is
mishandled and leaves your network.To allow access to ChatGPT on your network while preventing data leakage, you must
create a Security policy rule using an
Enterprise DLP
data profile.