DLP for ChatGPT

Create a DLP Policy for ChatGPT

Create DLP policies for ChatGPT to protect sensitive organizational data. When you apply DLP policies to ChatGPT prompts and responses, if any policy violations occur, Skyhigh detects them and generates incidents. Based on your policy configuration, Skyhigh enforces remediation actions such as deleting content or sending notification emails for the incident.

This ensures sensitive data is protected and policy violations are handled consistently across your organization. 

Follow the steps below to create a DLP policy: 

1. Go to Policies > DLP Policies > DLP Policies.
2. Select Actions > Sanctioned Policy > Create New Policy.
3. On the Description page, name the policy and describe its status and scope, and then click Next:
   • In the Name field, enter the name of the policy.
   • Click Select Service Instances.
     A right panel appears.
   • On the Select Service Instances panel, select the instances to enforce the policy. Click Done.
     This policy applies only to the selected instances.
     
     
      
4. On the Rules & Exceptions page, enter the following information:
   • Select the Keywords rule group from the menu.
     
     
     
     A right panel appears.
      
   • On the Select Keywords panel, enter keywords to detect in ChatGPT prompts and responses. Click Done.
     The policy blocks further actions when these keywords are detected in ChatGPT prompts and responses.
     
     
      
   • Select the severity Critical from the menu, and then click Next.
     
     
      
5. On the Responses page, select Delete response action. Click Done.
   When ChatGPT identifies the above-mentioned keywords in prompts and responses, it deletes the content.
   
   
    
6. Click Next.
7. On the Delete File dialog, click OK.
   
   
    
8. On the Review page, review your policy and click Save.
   
   

You can create multiple rules and rule groups for a single policy. For more information on creating a DLP policy, see Create a Sanctioned DLP Policy.

Enforce a DLP Policy in ChatGPT

When a ChatGPT prompt and response violate the configured policy, the Skyhigh enforces the policy and takes the remediation action as defined in the policy. In the above example, Skyhigh deletes the entire conversation (prompt and response) that includes keywords specified in the policy (such as secret and confidential). 

An incident is generated in the Policy Incidents page.

View ChatGPT Incidents on the Policy Incidents Page and AI Dashboard Card

You can view ChatGPT incidents on the Policy Incidents page using Skyhigh Recommended views. Additionally, you can view the ChatGPT incidents on the AI dashboard card.

1. To view ChatGPT incidents on the Policy Incidents page, go to Incidents > Policy Incidents > Policy Incidents > Views > Skyhigh Recommended > ChatGPT Incidents. For details, see Policy Incidents.
   
   
    
2. To view ChatGPT incidents on the AI Dashboard cards, go to Dashboards > Skyhigh Default > AI Dashboard. For details, see Monitor ChatGPT Incidents on the AI Dashboard.
   
   

Supported DLP Rules, Response Actions, and Remediation Types in ChatGPT

► Click to view the supported DLP policy rules, response actions, and remediation types in ChatGPT.

Legends:   Supported     Not Supported

 

DLP Policy Rules	Supported
Classification
Data Identifier
File Name
File Size
File Type
Keywords
Regular Expression
Enhanced IDM/EDM
User Groups
User Dictionaries
Content-Dedupe (Messages)
On Premises EPO Classification
OCR (Optical Character Recognition)
Match-Highlights (AWS/Skyhigh Default)
Custom Email Template
Content-Dedupe (File)
Metadata-Dedupe
Enterprise DLP
Malware

DLP Policy Response Actions	Supported
Delete
User Email Notification
Send Email Notification
Allowed

Remediation	Supported
Manual Remediation
Auto Remediation
Bulk Remediation
Ares Bulk Remediation
End User Remediation
Self Remediation