From chatbots and creative writing to images and automation, the power and convenience of Artificial Intelligence, advanced Large Language Models and language-processing algorithms cannot be denied.  While you may be anxious to leverage generative AI to help streamline your business processes and simplify communications, it is important to consider the security and privacy implications before adopting these technologies for your business.


The Artificial Intelligence Chatbot, ChatGPT launched in late November of 2022. By January of 2023 ChatGPT had become the fastest-growing consumer software application in history.  In less than three months after release, researchers at Checkpoint found that hackers were using the API version of the program to construct malicious phishing emails.  

Unfortunately, cybercriminals are using AI for more than creating more polished phishing emails and malicious code.  From brand and voice impersonation to fake downloads and data stealing browser extensions, they are using AI to gain the upper hand.


AI tools powered by large language models are trained by user input and vast amounts of online data.

As with any software or online services, users must accept Terms of Use/Service and other agreements to gain access.  It is important to inspect the terms, agreements and policies – you may be surprised by what you find.  For example, OpenAI’s confidentiality provision is unilateral, so confidentiality protection only covers OpenAI’s information, not the information a user inputs or the output produced by the program.

Open AI’s Terms of Use for API or subscription access states that no inputs sent or received from will be used to train its models or improve services and that companies can opt of input and output sent in other ways, but the input and data gathered via consumer services such as DALL-E or ChatGPT accessed for free via the OpenAI website, can be used to train models.

For many people the main focus is limiting their information being shared with third parties and this portion of the Terms of Use appears to cover that for API access and paid subscriptions. However, the unilateral confidentiality provision also means that input data and output data could be available for Open AI to analyze, publish or privately share with third parties.


Research – Check the terms of service/use, privacy policies and data use, retention and storage policies for any AI tools you are considering using for business purposes.  Terms of Service Didn’t Read provides a free overview and “grade” for many major companies and online services based on their terms of service, privacy and data use policies. An overview of OpenAI is available on the ToSDR website.

Company Policies – Ensure your end users have clear and concise rules for the acceptable use of AI tools in the workplace. The policy should address approved/unapproved software and prohibit disclosure of detailed business information, intellectual property, trade secrets and PII.

Legitimate Programs - Unfortunately, SEO poisoning has placed some malicious webpages and downloads within search results. As with any application or program, check to ensure the source is legitimate.

Browser Extensions – “AI powered” browser extensions are everywhere, be sure to evaluate them thoroughly.  These tools can be hiding malware, compromised or faked.  A recent report examining 70 extensions available for the Google Chrome browser found 21% of them were collecting user data, including network monitoring, keystroke logging, and mouse position.

Check Data Output Carefully – AI tools are not infallible.  Data output from AI programs may not be correct or could contain information already protected by intellectual property laws, trademarks or copywrite protections.

Although AI and Large Language Models have been around for decades, the rapid rise of ChatGPT has launched these generative technologies into mainstream, with little oversight and no specific laws to govern its use.  Welcome to Wild West of AI – If you climb into the saddle, be ready to ride.