How Enterprise DLP Safeguards Against ChatGPT Data Leakage

Learn more about how Enterprise Data Loss Prevention (E-DLP) safeguards your sensitive data from exfiltration through ChatGPT.

Where Can I Use This?
  • NGFW (Panorama Managed)
  • Prisma Access (Managed by Strata Cloud Manager)
  • SaaS Security
  • NGFW (Cloud Managed)

What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
  • NGFW (Panorama Managed): Support and Panorama device management licenses
  • Prisma Access (Managed by Strata Cloud Manager): Prisma Access license
  • SaaS Security: SaaS Security license
  • NGFW (Cloud Managed): Support and AIOps for NGFW Premium licenses

Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license

Learn more about using Enterprise Data Loss Prevention (E-DLP) in your Security policy rules to prevent data exfiltration to ChatGPT.

With the rise of generative Artificial Intelligence (AI), new Natural Language Processing and Generation (NLP/NLG) interface-based apps have seen unprecedented adoption. ChatGPT is a popular generative pre-trained transformer (GPT) language model application and presents an ever-increasing risk of exfiltration of sensitive data. Palo Alto Networks maintains its commitment to a holistic approach to data security. Enterprise DLP offers immediate prevention of sensitive data exfiltration to AI apps like ChatGPT.

Existing ChatGPT Traffic - Discovery

Before you use Enterprise DLP to prevent data exfiltration to ChatGPT, it is important to understand who accesses ChatGPT on your network and how often. Panorama, Prisma Access (Managed by Panorama), Cloud Management, and Next-Generation CASB for Prisma Access and NGFW allow users to monitor all egress activity and easily identify new AI app usage by employees on your network.

Panorama
Use the Unified Log View for Panorama managed firewalls and Panorama Managed Prisma Access.
  • Use the Unified Log View (Monitor > Logs > Unified) to discover traffic to ChatGPT.
  • ChatGPT traffic is captured through the App ID openai-chatgpt and can be found with the following filter query:
    (app eq openai-chatgpt)

Strata Cloud Manager
Use the Log Viewer for Prisma Access (Managed by Strata Cloud Manager) and SaaS Security.
  • Use Log Viewer (Activity > Logs > Logs Viewer) to discover traffic to ChatGPT.
  • ChatGPT traffic is captured through the App ID openai-chatgpt and can be found with the following app filter query:
    app = 'openai-chatgpt'

Next-Generation CASB
  • Use Discovered Apps (Discovered Apps > Applications) to discover traffic to ChatGPT.
    • Add Filter to narrow down the Category to Artificial Intelligence applications and Tag as Unknown.
      This filter allows you to narrow down all traffic to uncategorized AI applications on your network. Uncategorized applications display as unknown but can be manually recategorized as sanctioned, unsanctioned, or tolerated once the initial discovery is completed based on your organization's risk posture.
    • Alternatively, you can search for ChatGPT in the Search Application Name search bar.
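
An added example (not Palo Alto Networks code) that answers the "who and how often" question offline from a CSV export of the filtered log view. Only the App ID openai-chatgpt comes from this page; the column names and sample rows are constructed assumptions to be mapped to your own export.

```python
import csv
import io
from collections import defaultdict

APP_ID = "openai-chatgpt"  # App ID named on this page

# Constructed sample export. Column names are assumptions for this example;
# map them to the header row of your own log export.
SAMPLE_EXPORT = """receive_time,source_user,source_address,application,action,bytes_sent
2024-05-01 09:12:03,alice@example.com,10.1.4.22,openai-chatgpt,allow,18234
2024-05-01 09:40:51,bob@example.com,10.1.4.37,web-browsing,allow,2210
2024-05-01 11:03:17,alice@example.com,10.1.4.22,openai-chatgpt,allow,40960
2024-05-02 08:15:44,,10.1.9.80,openai-chatgpt,allow,512000
2024-05-02 14:27:09,carol@example.com,10.1.6.5,openai-chatgpt,allow,1024
2024-05-02 14:29:30,alice@example.com,10.1.4.22,openai-chatgpt,allow,3000
"""


def summarize_chatgpt_usage(csv_text, app_id=APP_ID):
    """Aggregate sessions for app_id per user: count, bytes sent, active days."""
    stats = defaultdict(lambda: {"sessions": 0, "bytes_sent": 0, "days": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["application"].strip().lower() != app_id:
            continue
        # Sessions with no user mapping are keyed by source address so that
        # unidentified hosts still show up in the review.
        user = row["source_user"].strip() or "unmapped:" + row["source_address"].strip()
        entry = stats[user]
        entry["sessions"] += 1
        entry["bytes_sent"] += int(row["bytes_sent"] or 0)
        entry["days"].add(row["receive_time"][:10])
    return dict(stats)


def rank_by_upload(stats):
    """Return (user, sessions, bytes_sent, active_days) rows, largest upload first."""
    rows = [(u, s["sessions"], s["bytes_sent"], len(s["days"])) for u, s in stats.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for user, sessions, sent, days in rank_by_upload(summarize_chatgpt_usage(SAMPLE_EXPORT)):
        print(f"{user:<24} sessions={sessions:<3} bytes_sent={sent:<8} active_days={days}")
```

Ranking by bytes sent rather than session count surfaces the hosts that upload the most data, including those with no user mapping.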

Block or Allow ChatGPT

How to Block ChatGPT
You can choose to block access to ChatGPT entirely using the App ID if the risk of employees having access to ChatGPT messaging and API features is too high. For Next-Generation CASB for Prisma Access and NGFW, you can block access to ChatGPT through the Artificial Intelligence category.
  • Panorama: Create an Application Block Rule to explicitly block traffic to ChatGPT.
    The application block rule applies to Panorama managed firewalls and Panorama Managed Prisma Access.
  • Cloud Management: In Discovered Apps (Manage > Configuration > SaaS Security > Discovered Apps > Applications), filter for ChatGPT to block access (Actions > Block Access).
    Additionally, you can select Actions > Tag to apply existing unsanctioned, tolerated, or sanctioned app policies for egress traffic to ChatGPT.
    This applies to Prisma Access (Managed by Strata Cloud Manager) and SaaS Security.
  • Next-Generation CASB: In Discovered Apps (Visibility > Discovered Apps > Applications), filter for ChatGPT to block access (Actions > Block Access).
    Additionally, you can select Actions > Tag to apply existing unsanctioned, tolerated, or sanctioned app policies for egress traffic to ChatGPT.

Allow ChatGPT and Prevent Exfiltration of Sensitive Data
With Enterprise DLP you can create new or leverage existing data detection logic for data sent to ChatGPT through chat or API. Enterprise DLP can perform in-line content inspection to identify and stop sensitive data loss to generative AI apps such as ChatGPT without completely blocking access. This allows your employees to continue to access ChatGPT while ensuring that no sensitive data is mishandled or leaves your network.
To allow access to ChatGPT on your network while preventing data leakage, you must create a Security policy rule using an Enterprise DLP data profile.
