Manager can read all your ChatGPT history? (www.token.security)

Recent revelations highlight significant privacy concerns for users of AI platforms like ChatGPT, particularly within enterprise environments. While subscribers are led to believe their data is secure under the "not used for training" label, it turns out that these platforms store conversation histories and sensitive information on centralized databases accessible by administrators. This reality poses a security risk, as anyone with access to the OpenAI Compliance API can retrieve comprehensive data, including private conversations, files, and user activities. The implications for the AI/ML community are profound. Token Security's research indicates that many users unwittingly share sensitive information—such as API keys and personal details—through casual interactions with AI tools. With the potential for widespread data breaches if API keys fall into the wrong hands, organizations face severe risks, including intellectual property theft and reputation damage. The situation calls for a reevaluation of how enterprises handle "private" AI interactions, emphasizing the need for stricter access controls, user education, and the adoption of best practices in data sharing. Understanding these vulnerabilities is crucial for organizations aiming to leverage AI responsibly while safeguarding their sensitive information.