Skyhigh Security

DLP for ChatGPT

Limited Availability: To access Skyhigh CASB for ChatGPT, contact Skyhigh Support.

ChatGPT API integration with Skyhigh CASB offers comprehensive DLP controls for ChatGPT, preventing sensitive data leakage to the cloud. You can create a DLP policy with the supported policy rules and response actions to detect sensitive content and enable remediation actions for:

  • File attachments
  • Messages (prompts and responses) posted in ChatGPT

You can remediate ChatGPT-related incidents manually or in bulk.

Create a DLP Policy for ChatGPT

Create DLP policies for ChatGPT to protect sensitive organizational data. When you apply DLP policies to ChatGPT prompts and responses, if any policy violations occur, Skyhigh detects them and generates incidents. Based on your policy configuration, Skyhigh enforces remediation actions such as deleting content or sending notification emails for the incident.

This ensures sensitive data is protected and policy violations are handled consistently across your organization. 

NOTE: The following policy is provided as an example. You can define multiple policies with granular controls to protect organizational data.

Follow the steps below to create a DLP policy: 

  1. Go to Policies > DLP Policies > DLP Policies.
  2. Select Actions > Sanctioned Policy > Create New Policy.
  3. On the Description page, name the policy and describe its status and scope, and then click Next:
    • In the Name field, enter the name of the policy.
    • Click Select Service Instances.
      A right panel appears.
    • On the Select Service Instances panel, select the instances to enforce the policy. Click Done.
      This policy applies only to the selected instances.

  4. On the Rules & Exceptions page, enter the following information:
    • Select the Keywords rule group from the menu.

      A right panel appears.
       
    • On the Select Keywords panel, enter keywords to detect in ChatGPT prompts and responses. Click Done.
      The policy blocks further actions when these keywords are detected in ChatGPT prompts and responses.

    • Select the severity Critical from the menu, and then click Next.

  5. On the Responses page, select the Delete response action. Click Done.
    When these keywords are detected in ChatGPT prompts and responses, Skyhigh deletes the content.

  6. Click Next.
  7. On the Delete File dialog, click OK.

  8. On the Review page, review your policy and click Save.


You can create multiple rules and rule groups for a single policy. For more information on creating a DLP policy, see Create a Sanctioned DLP Policy.

Enforce a DLP Policy in ChatGPT

When a ChatGPT prompt and response violate the configured policy, Skyhigh enforces the policy and takes the remediation action defined in it. In the above example, Skyhigh deletes the entire conversation (prompt and response) that includes keywords specified in the policy (such as secret and confidential).


An incident is generated on the Policy Incidents page.

View ChatGPT Incidents on the Policy Incidents Page and AI Dashboard Card

You can view ChatGPT incidents on the Policy Incidents page using Skyhigh Recommended views. Additionally, you can view the ChatGPT incidents on the AI dashboard card.

  1. To view ChatGPT incidents on the Policy Incidents page, go to Incidents > Policy Incidents > Policy Incidents > Views > Skyhigh Recommended > ChatGPT Incidents. For details, see Policy Incidents.

  2. To view ChatGPT incidents on the AI Dashboard cards, go to Dashboards > Skyhigh Default > AI Dashboard. For details, see Monitor ChatGPT Incidents on the AI Dashboard.


Supported DLP Rules, Response Actions, and Remediation Types in ChatGPT

DLP Policy Rules Supported

  • Classification: Supported
  • Data Identifier: Supported
  • File Name: Supported
  • File Size: Supported
  • File Type: Supported
  • Keywords: Supported
  • Regular Expression: Supported
  • Enhanced IDM/EDM: Supported
  • User Groups: Supported
  • User Dictionaries: Supported
  • Content-Dedupe (Messages): Supported
  • On Premises EPO Classification: Supported
  • OCR (Optical Character Recognition): Supported
  • Match-Highlights (AWS/Skyhigh Default): Supported
  • Custom Email Template: Supported
  • Content-Dedupe (File): Not Supported
  • Metadata-Dedupe: Not Supported
  • Enterprise DLP: Not Supported
  • Malware: Not Supported

DLP Policy Response Actions Supported

  • Delete: Supported
  • User Email Notification: Supported
  • Send Email Notification: Supported
  • Allowed: Supported

Remediation Supported

  • Manual Remediation: Supported
  • Auto Remediation: Not Supported
  • Bulk Remediation: Supported
  • Ares Bulk Remediation: Supported
  • End User Remediation: Supported
  • Self Remediation: Not Supported
