Chatgpt trust and verification: what IAM teams should do

TL;DR: As ChatGPT adoption spreads, the core risk is not just incorrect answers but unverifiable outputs, privacy exposure, and AI-assisted phishing, according to DigiCert. Independent verification and tighter data handling become the practical controls that matter most when organisations use AI for research, support, and decision-making.

NHIMG editorial — based on content published by DigiCert: How Much Can You Trust ChatGPT? Establishing identity and security while using AI

By the numbers:

• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
• 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
• Only 5.7% of organisations have full visibility into their service accounts.

Questions worth separating out

Q: How should organisations govern employee use of ChatGPT for security work?

A: Treat ChatGPT as an untrusted drafting and research aid, not as an authority.

Q: Why do AI chat tools create risk for identity and access teams?

A: They create risk because users may rely on plausible but unverified output when making identity, access, or security decisions.

Q: How can security teams tell whether AI output is trustworthy enough to use?

A: They should look for an external verification path.

Practitioner guidance

• Define approved AI use cases Classify which identity, security, and operations tasks may use chat-based assistance and which require authoritative sources or human review before action is taken.
• Set prompt data-handling rules Prohibit the entry of secrets, credentials, personal data, and internal operational details unless the platform has been formally approved for that data class.
• Add verification steps to AI-assisted workflows Require users to confirm model outputs against a trusted source before they are used in tickets, approvals, change records, or access decisions.

What's in the full article

DigiCert's full blog post covers the trust and verification detail this post intentionally leaves for the source:

• Examples of how certificate authorities can be used to verify digital assertions
• The article's discussion of how AI output trust may mature alongside digital certificates
• The privacy guidance the author gives for limiting what employees share with chat tools

👉 Read DigiCert's blog post on establishing identity and security while using AI →

Chatgpt trust and verification: what IAM teams should do?

Explore further

View Full Forum →  |  NHI Foundation Course →