Notifications
Clear all
Topic starter
25/06/2026 2:49 pm
TL;DR: ChatGPT can introduce data theft, malicious code, privacy and IP exposure, and ransomware pathways when it is used in ways that move sensitive information into cloud-based AI flows, according to Lasso Security. The deeper issue is that conventional security controls do not fully cover AI-mediated data handling or response paths.
NHIMG editorial — based on content published by Lasso Security: ChatGPT & Cybersecurity: Risks, Benefits & Best Practices
By the numbers:
- Debugging can absorb around 27% of developers’ time.
Questions worth separating out
Q: How should security teams govern employee use of ChatGPT and similar AI tools?
A: Start with explicit data-handling rules, approved use cases, and logging for high-risk interactions.
Q: Why do standard IAM controls not fully solve AI chatbot risk?
A: Because IAM can authenticate users, but it cannot by itself control what those users paste into a model or how they interpret the response.
Q: What do organisations get wrong about AI-generated code?
A: They often treat it as a productivity shortcut instead of as untrusted input that can carry unsafe patterns, hidden assumptions, or manipulated logic.
Practitioner guidance
- Restrict sensitive inputs to AI tools Define which data classes users may never submit to external AI services, including personal data, regulated records, credentials, source code, and proprietary strategy documents.
- Require human review for AI-generated code Treat AI-generated code as untrusted until it passes the same review, testing, and approval gates as third-party code.
- Update acceptable-use controls for AI services Move AI usage into formal policy, with approved use cases, prohibited content, and escalation paths for uncertain scenarios.
What's in the full article
Lasso Security's full post covers the operational detail this post intentionally leaves for the source:
- Practical examples of how ChatGPT can be used for debugging, threat analysis, and code generation in security workflows
- The article's step-by-step security checklist covering antivirus, firewalls, MFA, encrypted channels, and secure API handling
- Specific ways the source frames privacy, IP, and ransomware exposure when AI tools are integrated into business processes
- The vendor's discussion of how its own LLM security tooling fits into the ChatGPT risk model
👉 Read Lasso Security's analysis of ChatGPT cybersecurity risks and best practices →
ChatGPT cybersecurity risks: what IAM teams need to know?
Explore further
25/06/2026 3:59 pm
ChatGPT risk is primarily a governance problem, not just a malware problem. The article shows that the main exposure comes from ordinary users placing sensitive data into an AI service and then acting on the output. That means the real control gap sits at the point where identity, data handling, and user judgement intersect. For practitioners, the lesson is that AI risk has to be governed as a business workflow, not as a narrow security add-on.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to the 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to Oasis Security & ESG.
A question worth separating out:
Q: What should teams do when AI tools are used in security operations?
A: They should define where AI assistance is allowed, require verification of any recommendation before action, and restrict access to sensitive operational context. Security workflows are especially vulnerable to over-trust, so AI output must be treated as advisory until validated by a human operator.
👉 Read our full editorial: ChatGPT cybersecurity risks expose gaps in current IAM controls
