Artificial Intelligence (AI) has gained great popularity in recent years, especially with the arrival of applications such as ChatGPT and Gemini, both easily accessible; which has accelerated its implementation in multiple work areas, by facilitating tasks and automating processes.
The use of this technology not only brings benefits, but there are also risks to the security of information, both personal and organizational. “Technology gives us a window to the world, but it can also open doors to the vulnerability of our personal and organizational information,” said José Amado, manager of the Digital Identities Practice at SISAP.
Amado said that one of the biggest risks when using Artificial Intelligence applications is the uncertainty regarding how they handle private data. “ChatGPT, for example, is a program that needs a large amount of information to train itself, which we provide it every time we use it, data that is stored in a cloud out of our reach,” he explained.
“Let’s imagine that a collaborator in the office needs to make a summary of an executive report, and to save himself work, he copies it to ChatGPT and asks it to be done for him. This would give him full access to the report, company information, among other data, which is now stored in the cloud and we don’t know who can access it,” said Amado.
These privacy concerns must be present in the organization when considering the implementation of Artificial Intelligence. Once data is shared with these applications, it cannot be deleted or returned, so it is important to train employees on these technologies and their uses, and thus prevent them from sharing sensitive or confidential information with them.
Applications created by Artificial Intelligence and their vulnerability
Through Artificial Intelligence, it has been possible to perform programming tasks, such as writing the source code for new applications and websites; this undoubtedly makes the work of programmers and/or people with little experience in the subject easier. The code for more than 65% of applications is being written with Artificial Intelligence.
For the expert, the problem is that Artificial Intelligence will generally generate similar or identical code for several users, so it is possible that several organizations manage practically the same software or application.
“If everyone shares the same AI-generated code, they will also share the same vulnerabilities, making it easier for any cybercriminal to access them,” Amado said.
The trend shows that this risk will continue to increase, especially due to the dynamism and speed with which new applications and systems are being created. Therefore, Amado recommends that organizations not use Artificial Intelligence (AI) to generate the codes they need, but instead resort to traditional methods, which may be slower, but in the long run will provide greater security.
The dark side of Artificial Intelligence applications
While ChatGPT and Gemini aim to support and facilitate people’s daily tasks, there are similar applications with malicious purposes, which seek to help cybercriminals improve their attack methods and remain undetected.
“Some examples of malicious GPTs are WormGPT, FraudGPT and PoisonGPT, which can perform tasks ranging from writing credible phishing emails to writing malware code to extract information,” Amado warned.
The expert stresses the importance of knowing about these types of applications, since with their help the risk of organizations suffering cyber attacks and falling victim to ransomware increases.
If your organization uses Artificial Intelligence for programming applications or websites, or employees use applications such as Chat GPT, Amado recommends that they approach a cybersecurity solutions company, such as SISAP, who can perform an analysis of their vulnerabilities and increase their defenses against cyberattacks.
About SISAP
SISAP, Sistemas Aplicativos SA is a company founded in Guatemala City in 1985, a leader in the Information Technology and Security market in 10 countries in the region. It has a broad portfolio of services and solutions focused on the area of information security, with more than 1,000 certifications that accredit the service they provide to their clients.
With more than 39 years of experience, they are the leaders in providing security solutions and services to clients in Latin America, through a payroll of more than 400 employees (60% are engineers), forensic laboratories, a training academy, cybersecuritymore than 100 allied brands, and different regional offices, located in Guatemala, El Salvador, Honduras, Nicaragua, Costa Rica, Panama, Dominican Republic, Colombia, Mexico and the United States.
