Is ChatGPT safe to use? Security risks explained

Generative AI (Artificial Intelligence) solutions like ChatGPT by OpenAI have become an everyday tool for hundreds of millions of people around the globe. With reliance on AI growing exponentially, it is more important than ever to consider the safety and potential security risks of such tools.

ChatGPT is currently the most popular chatbot used for daily personal and work tasks. But can you trust it, and is it safe to use?

Let’s take a closer look at ChatGPT, its security risks and measures, and how to stay safe while using it.

Is ChatGPT safe?

ChatGPT is generally considered safe to use; however, there might be some privacy concerns. While it has multiple built-in security features, just like any other online tool, it is not immune to cyberthreats.

As a ChatGPT user, you should practice good digital hygiene, stay informed about potential AI-associated risks, and take precautions to protect yourself online.

ChatGPT security measures for your protection

First, let’s see what ChatGPT does to protect its users.

On their website, OpenAI claims to be committed to user safety, privacy, and trust. Here are some of the steps that were taken to make ChatGPT a more secure platform:

• Encryption. To reduce interception and prevent unauthorized access, OpenAI uses secure protocols to encrypt your data in transit;
• Audits and monitoring. ChatGPT is regularly audited and assessed internally by third-party auditing companies to identify vulnerabilities and improve security practices;
• Bug Bounty Program. OpenAI’s Bug Bounty Program encourages external security researchers to identify and disclose vulnerabilities. It helps with discovering and eliminating various security flaws;
• Transparency policies. To ensure transparency in its security practices, OpenAI regularly publishes updates and findings, sharing key information about security efforts. This encourages accountability, trust, and open dialogue with users;
• Compliance measures. To protect users’ data and ensure their right to privacy, OpenAI complies with data protection laws like GDPR and CCPA. Additionally, strict terms of service help prevent misuse of ChatGPT;
• Access controls. OpenAI has strict access controls to its systems, models, and data, limiting access to authorized personnel only. This helps prevent unauthorized use, exposure, or security breaches;
• Safety filters. OpenAI also has strict content guidelines and applies safety filters that detect and prevent the generation of harmful, inappropriate, illegal, or biased responses.

These security measures help make ChatGPT a more secure and responsible platform for its users.

ChatGPT security risks

While ChatGPT is generally safe, using it still comes with some potential privacy and security risks. Some, like social engineering, might not be directly related to your interaction with the chatbot, but rather to bad actors using it as a malicious tool instead.

Here are some of the top ChatGPT security concerns:

1. Privacy risks

OpenAI has multiple security approaches implemented to protect user data. It doesn’t sell personal details and complies with privacy laws. However, AI tools are not immune to data breaches, and despite these safeguards, some security risks remain.

ChatGPT retains your chat history for at least 30 days and can use your input information to “provide, maintain, develop, and improve” its services. You can manage this by disabling the Improve the model for everyone option, which prevents conversations from being used for model training.

Still, you should not include your private data and confidential information in your conversations with ChatGPT. Even if you opt out of participating in the ChatGPT model training, all details you provide in your prompts might get exposed.

If there’s a security failure, such as a data breach or unauthorized account access, malicious actors could potentially get access to your account and view complete chat histories that may include sensitive information shared during conversations.

2. Data breaches

You can have a simple chat with ChatGPT without registering and logging in. However, to use more advanced features, such as the voice mode or the Reason function, or to upload a file, you have to create an OpenAI account.

To register on the platform, you need to provide your full name, email address, and date of birth. Signing up for an upgraded ChatGPT version also requires your payment details.

As per OpenAI Privacy Policy, the service collects:

• Your account information;
• User content, including “prompts and other content you upload, such as files⁠, images, and audio⁠;”
• Personal data you may share during communications with the service via email or on social media;
• Other information you may provide while participating in events or surveys;
• Log data, usage data, device information, location information, cookies, etc.

The Privacy Policy also states that OpenAI can disclose your personal data to vendors and service providers, government authorities and other third parties “in compliance with the law,” affiliates, business account administrators, and more.

Having all this information collected and stored can potentially put it at risk of being exposed in case of a data breach. However, such risk exists with pretty much any online service — how big or small the risk depends on how well the company protects itself against hacking.

3. Misinformation and fake news

With the internet becoming more and more accessible globally, misinformation and the spread of fake news have become a serious issue in recent years. People are able to publish whatever they wish online on forums, social media, and even full-blown websites dedicated to disinformation.

AI tools like ChatGPT are trained on enormous amounts of data, which, unfortunately, may include inaccurate and maliciously incorrect information. At the same time, people’s trust in generative AI is growing, with many starting to use ChatGPT as a replacement for search engines like Google.

The problem here is that people may regard ChatGPT’s responses as a reliable source of information when, in reality, they might be what is known as hallucination. AI hallucinations include misleading answers based on outdated or false online publications and even made-up information by the chatbot, presented as facts.

The ChatGPT chatbot itself has a disclaimer stating that “ChatGPT can make mistakes. Check important info.” So, it’s crucial to always do your own research and double-check the information ChatGPT provides.

4. Fake ChatGPT applications

Cybercriminals often try to trick people into revealing sensitive data or scam them out of money by pretending to be a legitimate service. Considering its popularity, ChatGPT is no exception.

There have been multiple instances of fake ChatGPT apps appearing in app stores and across the internet — with some of them designed to spread malware or charge users for services that OpenAI provides for free. And while most scam apps seem to have been removed from official stores, some risks still remain.

You may come across phishing messages on social media or email that promote ChatGPT services. In reality, they could link to a malicious website or make you download a fake ChatGPT app. Interacting with such an app can have dire consequences, like financial loss or identity theft.

5. Phishing scams

Phishing has been one of the biggest threats online for a while now and doesn’t seem to be stopping anytime soon. While efforts have been made to put an end to it, there is no 100% protection from social engineering tactics, as they rely on human psychology and error.

Before generative AI, phishing scams were easier to identify as long as you knew what to look for. Spelling mistakes, bad grammar, and odd phrasing or style would be the dead giveaways of many phishing emails or text messages.

Now, however, highly advanced AI tools, especially those with readily available free versions like ChatGPT, have made it extra easy for scammers. With a single prompt, they can generate perfect text in any language, imitate the style of any company or service, and create hundreds of believable phishing messages in a matter of minutes.

Additionally, OpenAI technology can be used to create convincing fake customer service chatbots to further trick people into believing the legitimacy of the phishing attempt.

6. Malware creation

ChatGPT can do way more than just chat. Apart from writing elaborate texts, it can also produce hundreds of lines of code that would take even an experienced programmer hours to write in mere seconds. It’s an excellent time-saving tool, but it could potentially be used for malicious purposes.

While ChatGPT has preventative measures in place to block attempts to generate malicious code and create malware, hackers with enough knowledge and experience might try to manipulate the chatbot and bypass these restrictions.

These malicious apps can infect your device, spread malware, steal your login credentials and other sensitive data, attempt to extract payment information, and even monitor your activity without your knowledge.

What you should never share with ChatGPT

ChatGPT and other similar generative AI tools can be a great help both for personal tasks and work. However, to ensure your personal and workplace privacy stays intact, there are some things you should never share in your prompts:

1. PII (Personal Identifiable Information). You shouldn’t share any personal details that may help identify you. These include your full name, date of birth, address, phone number, social security number, email address, and even details like the schools you went to or pets you had.
2. Financial and banking details. While asking ChatGPT for budgeting tips is completely fine, you should never disclose your bank account credentials, credit card numbers, and other payment details in your chats.
   If that information ended up in a data breach, cyber criminals could use it for financial fraud and leave you in big financial trouble.
3. Login credentials and passwords. Having your credentials spelled out in a chat is not a good idea. If someone gains unauthorized access to your chat history, they could use them to hack into your accounts.
   If you’re having difficulty remembering all your logins and passwords, you should not ask ChatGPT to store them for you. The same goes for generating strong passwords — instead, use a trusted password manager.
4. Confidential or sensitive data. You should avoid sharing confidential or sensitive information, such as private communications, internal company documents, client data, or non-public work-related details.
   Disclosing such information could lead to unintended exposure, reputational damage, legal consequences, or harm to your organization’s competitive position.
5. Intellectual property. Information like proprietary processes, trade secrets, patented ideas, source code, or copyrighted material should also never be shared in your chats. Disclosing this type of information in a third-party tool can lead to unauthorized use, loss of ownership rights, or diminished commercial value.
   To protect your or the company’s creative work and innovations, ensure that all intellectual property remains secure and outside AI interactions.

For safe prompt engineering, you should not use confidential data or any sensitive information.

Some crucial AI guidelines you should know: “Trust, but verify,” “Trash in — trash out,” and “Don’t feed the bots with your secrets.”

– Balys Rutkauskas, Cyber Security Engineer at Surfshark

How to stay safe while using ChatGPT

To improve your security while using ChatGPT, you can take these steps:

1. Avoid sharing sensitive data

You should always exercise caution and share as little of your personal data online as possible. ChatGPT is no exception.

In your prompts, avoid sharing any confidential data, financial details, and other personal information that could potentially put you or your workplace at risk if it ever got exposed to third parties.

2. Review privacy policies and settings

Familiarize yourself with OpenAI’s Privacy Policy, Terms of Use, Security, and other policies. This way, you’ll know what happens with your data and will be more aware of what you’re sharing with the chatbot.

Additionally, go to your ChatGPT account settings and adjust them according to your preferences. For example, turning off Memory or Improve the model for everyone settings might help limit your data exposure.

3. Use strong passwords

Set up strong, unique passwords for all your accounts, including ChatGPT. And be sure to change them periodically.

Having a strong password of at least 12 characters (including lower and uppercase letters, numbers, and symbols) minimizes the risk of a successful brute-force attack. Not reusing your passwords helps protect your accounts in case one gets compromised.

4. Use antivirus software

While using the official chatbot shouldn’t infect your devices with any malware, you may come across threats while browsing online during or after your conversations with ChatGPT.

You can also encounter malicious software when accidentally clicking on a phishing link or downloading a convincing fake app.

All of these scenarios are common, so having a good antivirus installed on your devices is a must.

5. Stay informed about security threats

The most powerful tool against cybersecurity threats is your knowledge.

Educate yourself and stay informed about artificial intelligence, its security, related threats, and trends. The knowledge you gain will help you navigate the AI world more safely and avoid potential risks.

6. Use anonymous accounts

For an added layer of security and privacy, consider using a temporary or anonymous account for your interactions with ChatGPT. You can use services like Alternative ID to create an online alias and provide these details when signing up for a free ChatGPT version.

7. Use a VPN for extra security

No matter how careful and discreet you are while using ChatGPT, simply being online poses some risks.

To safeguard your online connection and improve your privacy, you can use a VPN (Virtual Private Network). Services like Surfshark VPN hide your IP address and encrypt your online activity, including preventing ISPs, network administrators, or hackers from easily identifying your ChatGPT usage or monitoring other connections.

Bottom line: ChatGPT safety is in your hands

ChatGPT is a powerful generative AI chatbot that is generally safe to use, but it’s not completely risk-free.

However, it’s up to you to minimize the risks related to this tool — educate yourself about potential threats, use the recommended security practices, and enjoy the benefits of ChatGPT without compromising your safety and privacy.

Safeguard your ChatGPT conversations

Dive into AI possibilities securely with a VPN connection

Get Surfshark