Samsung workers have inadvertently leaked confidential information by using ChatGPT, an AI language model created by OpenAI, to help them with tasks. The company permitted engineers at its semiconductor division to use ChatGPT to address problems with their source code. However, the workers inputted sensitive data, such as internal meeting notes, the source code for a new program, and data associated with their hardware, thereby risking a leak of confidential information. Three incidents of Samsung employees inadvertently disclosing sensitive information via ChatGPT have been recorded in just under a month. Since ChatGPT retains user input data to further train itself, these trade secrets are now effectively in the hands of OpenAI, the company that developed the AI service.
Samsung Semiconductor has responded to the situation by developing its own in-house AI to be used by employees. However, users are only allowed to enter prompts that are limited to 1024 bytes in size. In one of the cases mentioned, an employee asked ChatGPT to optimize test sequences for identifying faults in chips, which is confidential but could save chip manufacturers significant time in testing and verifying processors and thus reduce costs. In another case, an employee used ChatGPT to convert meeting notes into a presentation, the contents of which were sensitive.
Samsung Electronics issued a warning to its employees about the potential risks of leaking confidential information in the aftermath of the incidents, stating that the data is impossible to retrieve because it is now stored on OpenAI servers. In the highly competitive semiconductor industry, any data breach could be disastrous for a company. Samsung seems to have no option to request the retrieval or deletion of the sensitive data held by OpenAI. Some argue that this fact renders ChatGPT non-compliant with the European Union’s General Data Protection Regulation (GDPR), as it is one of the core principles of the law governing how companies collect and use data. Italy has banned the use of ChatGPT throughout the country due to this reason.
In conclusion, Samsung workers have unknowingly leaked confidential data by using ChatGPT, an AI language model. This situation poses a significant risk to Samsung and the semiconductor industry as a whole. While Samsung is taking measures to address the situation, it is unclear what recourse it has to retrieve or delete the data held by OpenAI. The incident raises important questions about data privacy and compliance with data protection regulations, such as the GDPR.