This article was originally published on not your CISO on Medium. Read the full post →
ChatGPT has been a buzzword for some time now. Be it a new product built on top of it or another capability announcement, just when you think the hype has peaked, something new drops. And through all of it, security teams have been quietly scrambling to figure out what their policy actually is.
This is not a technical breakdown of how large language models work. This is a practitioner’s take on the questions a CISO — or anyone responsible for security — needs to answer before their organisation gets too comfortable with ChatGPT in the workflow.
Data classification. Prompt injection. Shadow AI. Third-party risk. These are the conversations happening in security teams right now. Here’s how to frame them.