Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Chatgpt trust and verification: what IAM teams should do


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: As ChatGPT adoption spreads, the core risk is not just incorrect answers but unverifiable outputs, privacy exposure, and AI-assisted phishing, according to DigiCert. Independent verification and tighter data handling become the practical controls that matter most when organisations use AI for research, support, and decision-making.

NHIMG editorial — based on content published by DigiCert: How Much Can You Trust ChatGPT? Establishing identity and security while using AI

By the numbers:

Questions worth separating out

Q: How should organisations govern employee use of ChatGPT for security work?

A: Treat ChatGPT as an untrusted drafting and research aid, not as an authority.

Q: Why do AI chat tools create risk for identity and access teams?

A: They create risk because users may rely on plausible but unverified output when making identity, access, or security decisions.

Q: How can security teams tell whether AI output is trustworthy enough to use?

A: They should look for an external verification path.

Practitioner guidance

  • Define approved AI use cases Classify which identity, security, and operations tasks may use chat-based assistance and which require authoritative sources or human review before action is taken.
  • Set prompt data-handling rules Prohibit the entry of secrets, credentials, personal data, and internal operational details unless the platform has been formally approved for that data class.
  • Add verification steps to AI-assisted workflows Require users to confirm model outputs against a trusted source before they are used in tickets, approvals, change records, or access decisions.

What's in the full article

DigiCert's full blog post covers the trust and verification detail this post intentionally leaves for the source:

  • Examples of how certificate authorities can be used to verify digital assertions
  • The article's discussion of how AI output trust may mature alongside digital certificates
  • The privacy guidance the author gives for limiting what employees share with chat tools

👉 Read DigiCert's blog post on establishing identity and security while using AI →

Chatgpt trust and verification: what IAM teams should do?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Trust in AI output is an identity problem before it is a model problem. The article correctly shifts attention away from whether ChatGPT is clever and toward whether its outputs can be trusted in operational use. That is the same governance question IAM teams ask for credentials, certificates, and service accounts: what assertion is being accepted, and by whom. The practitioner conclusion is that AI output without verification should never be treated as a trusted control input.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
  • 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to our research.

A question worth separating out:

Q: What should employees avoid sharing with ChatGPT and similar tools?

A: Employees should avoid sharing secrets, credentials, internal code, personal data, and confidential business information unless the organisation has approved that specific platform and use case. Anything that would be unsafe to post publicly should be considered unsafe to prompt into an AI tool.

👉 Read our full editorial: Chatgpt trust depends on verification, not blind confidence



   
ReplyQuote
Share: