Can DLP be used to monitor ChatGPT?
search cancel

Can DLP be used to monitor ChatGPT?

book

Article ID: 261794

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Prevent

Issue/Introduction

You'd like to monitor or block sensitive data uploaded via ChatGPT using the DLP product and would like to know whether it is possible.

 

Environment

15.8 or higher.

Resolution

ChatGPT can be monitored using both the DLP Endpoint Agent and Network Prevent for Web if the connection made to the ChatGPT website is performed via a proxy:

a) Endpoint Agent can be used to monitor, or block, sensitive content uploaded to ChatGPT. It is possible through the regular endpoint network monitoring which allows to track or block information flowing through Web browsers. The same limitations are applicable to ChatGPT as to any other Web sites. For HTTPS channel it is only possible to monitor clipboard (copy & paste) of data in Chrome or Edge browsers. Inline text, so text entered manually into an entry box on a website, is supported on Firefox and Internet Explorer browsers. In case of HTTP Inline text monitoring is supported for all supported browsers. For more details on monitoring network channels and it's limitation refer to the document linked below:

About endpoint network monitoring (broadcom.com)

However, in some cases related Inline text, the text entered in Firefox could not be detected due to website (ChatGPT) specific behavior where traffic is sent in encrypted format via the web socket and DLP agent can not monitor encrypted traffic.  

 

b) Network Prevent for Web is also capable for monitoring and blocking sensitive content uploads in ChatGPT through the regular HTTPS/HTTP channels. With Network Prevent for Web it is also possible to monitor or block text entered into the ChatGPT entry box regardless of the browser used. However, by default NPW servers are configured to ignore requests smaller than 4096 Bytes. Requests smaller than the specified limit will not be analyzed. This usually means that the message, or text entered into the box, needs to consist of approximately 500 words before the NPW can analyze it's traffic. This limit is adjustable through the detection server Configuration window, in the ICAP tab:

  1. In the Enforce Console navigate to System -> Servers and Detectors -> Servers
  2. Click on the Network Prevent for Web server
  3. Click "Configure" in the top section of the screen
  4. Change the tab to ICAP
  5. Adjust the "Ignore Requests Smaller Than" property accordingly.

Note that changing this value to a lower value will cause the NPW server to perform detection on a larger amount of messages. This can have an impact on performance of the Server. Proceeding in smalls steps is advised.

For more details on configuring the Network Prevent for Web servers and it's properties refer to the document linked below:

Configuring Network Prevent for Web Server (broadcom.com)

 

To help determine the size of the message/text entered and sent to ChatGPT, or other website, Developer Tools of the Web Browser can be used. For details refer to the article linked below:

Network Prevent for Web does not detect information sent through a Web based text entry box (broadcom.com)

Additional Information

Additional general tuning can be found in the below link

https://knowledge.broadcom.com/external/article/159666/data-loss-prevention-network-prevent-for.html