The use of generative AI has nearly doubled in the past six months, with 75% of global knowledge workers now integrating it into their daily tasks [1]. Employees are eager to use AI at work and are not waiting for their employers to catch up – in fact, 78% of employees surveyed admitted to bringing their own AI tools to the workplace [2]. However, this trend poses significant risks to company data, with cybersecurity and data privacy emerging as the top concern for leaders in the coming year [3]. To mitigate these risks, organizations need to adopt enterprise-ready solutions like Microsoft Copilot for Microsoft 365 and OpenAI’s ChatGPT Enterprise.
We’ve previously released Microsoft Purview capabilities to help customers discover, protect and govern data shared across generative AI applications such as Copilot for Microsoft 365. Copilot is integrated into Microsoft 365 apps so that it understands a user’s work context, is grounded in Microsoft Graph to provide more personalized and relevant responses and can connect to business data sources to reason over all of user’s enterprise data. Copilot inherits Microsoft 365 controls and commitments, providing customers with comprehensive enterprise data protection. And with Microsoft Purview, Copilot customers receive real-time data security and compliance controls seamlessly integrated into their organization’s M365 deployment.
Additionally, we have released Microsoft Purview capabilities to discover, protect and govern data shared with custom-built AI apps built with Copilot Studio, as well as other third-party AI apps, such as Google Gemini, when used from a managed device.
Our goal is to deliver a comprehensive security platform that offers multi-cloud and multi-platform support. And extensibility plays a key part in our strategy to provide security for all leading generative AI applications. Today, we are excited to integrate some of our discovery and governance Microsoft Purview capabilities to OpenAI’s ChatGPT Enterprise Compliance API in private preview.
Discover sensitive data shared with ChatGPT Enterprise
Security teams often find themselves in the dark when it comes to data security risks associated with AI usage. A staggering 80% of leaders cite the leakage of sensitive data as their primary concern [3]. Additionally, more than 30% of decision makers admit they are unaware of the location or the nature of their sensitive, business critical data [4]. As generative AI produces an increasing volume of data, gaining visibility into what enterprise data is being shared with and generated by AI apps becomes crucial.
Microsoft Purview provides out-of-the-box integration with the ChatGPT Enterprise Compliance API, now available in private preview. This integration allows organizations to gain visibility into the prompts and responses from ChatGPT Enterprise, as well as the total number of users interacting with ChatGPT Enterprise and their associated risk level, pulled from Microsoft Purview Insider Risk Management. Based on these insights, customers can apply controls to any sensitive data being shared.
By integrating with ChatGPT Enterprise, Microsoft Purview helps to provide the critical visibility needed for organizations to capture and detect AI prompts and responses containing sensitive data.
Govern the use of ChatGPT Enterprise
In addition to security concerns, there is a growing focus on data compliance and concerns around unethical use of generative AI applications, which could result in regulatory violations and fines. Organizations need to proactively prepare for AI regulations and detect non-compliant use of AI.
This new integration will enable organizations to use Microsoft Purview Audit to capture ChatGPT Enterprise interactions and to configure Microsoft Purview Data Lifecycle Management retention policies for ChatGPT Enterprise prompts and responses.
Microsoft Purview Communication Compliance helps organizations proactively detect and mitigate safety and communication risks associated with ChatGPT Enterprise interactions such as hate or discrimination, corporate sabotage, sharing of credit card numbers or user login credentials, and more. These insights help organizations enforce compliance policies and support regulatory compliance.
Lastly, organizations can leverage Microsoft Purview eDiscovery to conduct legal investigations with the preservation and collection of relevant ChatGPT Enterprise data. This helps organizations manage their legal exposure and more efficiently respond to legal challenges.
Get Started
- Reach out to your account manager to gain access to this private preview of OpenAI’s ChatGPT Enterprise Compliance API integration.
- Learn more about our Microsoft Purview integrations with Copilot:
- Learn more about Microsoft Purview AI Hub here: Microsoft Purview data security and compliance protections for Microsoft Copilot | Microsoft Learn
- Stay tuned for announcements coming soon on public preview availability.