Security Tips when using Artificial Intelligence (AI) Tools

Artificial intelligence (AI) tools have attracted significant user attention and are increasingly utilized in our daily work or study, particularly with the proliferation of generative AI technologies such as chatbots, document assistants, summarization platforms, and content generators. While these tools can enhance productivity and operational efficiency, they also present potential risks, including concerns related to privacy, data security, inaccurate outputs, bias, copyright infringement, and cybersecurity threats. Therefore, it is crucial to consider the potential security risks associated with AI technologies and use them carefully and responsibly.

Below are some Security Tips for reference:

Security Tips for Using AI - for General Users

Security Tips for using AI Tools :

Use a trusted AI tool:
- Always use trusted and legitimate AI platform or applications from reputable sources. Access or install the AI tools only through their official channel or app stores.
- Review the Privacy Policy, Terms of Use and other relevant data handling policies to understand how your data would be collected, stored, used, shared and protected.
- Review user comments before using or downloading the AI tools.
- Use the AI tools with settings to opt-out the sharing of chat history to avoid the conversations, between you and the AI tool, being saved and used for AI model training.
Enable security features available in the AI tools:
- Make sure that you are using a unique and strong password. Enable 2-factor authentication whenever possible.
- Utilize available security features such as enable 2-factor authentication, access controls, encryption, etc. to enhance the protection when using AI platforms.
- Disable chat history and data sharing functions to reduce the risk of data leakage.
Use secure network:
- Avoid using public Wi-Fi or other unsecured networks when accessing the AI tools as it may expose your data to unauthorized access and increase the risk of malware infection or data interception.
- Use a secure network or a VPN to protect your Internet connection and data transfer.
Keep your device and software up-to-date:
- Always keep your operating system, antivirus software and all other applications, including the AI tools, on your device up-to-date with the latest security patches to prevent any vulnerabilities being exploited by threat actors.
Don’t share personal or sensitive information:
- Avoid sharing any personal or confidential information, such as real name, passwords, photos, videos, biometric information, financial information, or any other personally identifiable information (PII), proprietary source code, etc. with the AI tools, public webpages or online platforms. Avoid giving away too much information which can identify yourself or other individuals.
- If it is necessary to give away some information, please anonymise or mask the data whenever possible before input.
Validate the outputs generate by AI tools:
- Check the accuracy of the outputs generated by AI tools by verifying through multiple reliable sources.
- Avoid using inaccurate, outdated, misleading, biased, offensive or discriminatory information.
- Application developers should also double-check the AI-generated code, scripts or technical recommendations before using them, make sure no malicious code is inserted and avoid security breaches.
Beware of the intellectual property rights issues:
- Do not upload or paste copyrighted materials, licensed content or restricted information into AI tools unless you are authorised to do so.
- Also be cautious when reusing AI-generated content, as it may create copyright, ownership or compliance concerns.
Be transparent when AI-generated content is used:
- Users should indicate when content has been generated or significantly edited by AI tools.
Do not rely on AI as the final decision-maker:
- AI tools should be used as an assistant only. Users remain responsible for the content they submit, the outputs they use, and any decisions made based on AI-generated results.
Be cautious of phishing attempts:
- Cyber criminals may attempt to make use of the AI tools to impersonate and steal personal information. Always verify that you are interacting with the legitimate AI tools and avoid clicking on any suspicious links or downloading any suspicious files unless you are certain of their legitimacy.
Manage chat history and files uploaded carefully:
- After using AI tools, clear your browser history, cache, and cookies to remove any traces of your records or conversation. Delete outdated conversations, uploaded files and unused AI accounts where appropriate to reduce the risk of data exposure.
Report Security Issues:
- If you suspect mistakenly disclose, misuse or encounter suspicious activities with the AI tools, report it immediately to your departmental IT support (for Staff) or ITSC immediately.

Overall, it’s important to stay vigilant when interacting with any artificial intelligence assistants. Users should understand the potential risks associated with the AI tools, always take precautions to protect privacy, ensure security, verify AI-generated information, and use AI in a safe, responsible and lawful manner.

Reference:

PCPD: Checklist on Guidelines for the Use of Generative AI by Employees
(https://www.pcpd.org.hk/english/resources_centre/publications/files/guidelines_ai_employees.pdf)
PCPD: 10 TIPS for Users of AI Chatbots
(https://www.pcpd.org.hk/english/resources_centre/publications/files/ai_chatbot_leaflet.pdf)
HKCERT: Verify from Various Sources to Ensure Security When Searching for Answers with AI
(https://www.hkcert.org/blog/verify-from-various-sources-to-ensure-security-when-searching-for-answers-with-ai)
HKCERT: Adopt Good Cyber Security Practices to Make AI Your Friends not Foes
(https://www.hkcert.org/blog/adopt-good-cyber-security-practices-to-make-ai-your-friends-not-foes)
HKCERT: Beware of Fake ChatGPT Apps and Phishing Websites
(https://www.hkcert.org/blog/hkcert-security-tips-beware-of-fake-chatgpt-apps-and-phishing-websites)
Kaspersky: “Fobo” Trojan distributed as ChatGPT client for Windows
(https://www.kaspersky.com/blog/chatgpt-stealer-win-client/47274/)

Published on: Apr 2023

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.