Since ChatGPT launched in 2022, OpenAI has defied expectations with a steady stream of product announcements and improvements. One such message was made on May 16, 2024, and it probably seemed innocuous to most consumers. Titled “Data Analysis Improvements in ChatGPT”, The post shows how users can add files directly from Google Drive and Microsoft OneDrive. It should be noted that other genAI tools such as Google AI Studio and Claude Enterprise have also recently added similar capabilities. Great, right? Maybe
When you connect your organization’s Google Drive or OneDrive account to ChatGPT (or other genAI tools), you give them broad permissions not only on your personal files, but also on resources on your entire shared drive. As you can imagine, the benefits of this kind of broad integration come with many cybersecurity challenges.
So how can you tell if employees have enabled the integration between ChatGPT and Google Drive, and how can you monitor which files have been accessed? This post tells you how to do it in Google Workspace and how Nudge Security can help you discover all the genAI apps in use and what other apps they’ve been integrated with.
Where to see ChatGPT activity in Google Workspace
Google Workspace has several ways to identify and investigate activities related to ChatGPT connections.
In the Google Workspace admin console, go to Reporting > Audit & Investigation > Drive Log Events. Here you will see a list of Google Drive resources that you have accessed.
You can also investigate the activity using API calls under Reports → Audit and Investigation → Oauth Log Events.
Therefore, periodically checking your Google Workspace admin console can help you understand what resources ChatGPT is accessing, but observing this activity after it has already occurred is of course less valuable than being notified as soon as new ChatGPT integrations are created . This is where Nudge Security can help.
How to see all genAI integrations with Nudge Security
Nudge Security discovers every account ever created by anyone in your organization for any SaaS application, including ChatGPT and a rapidly expanding list of recently created genAI tools, without requiring any prior knowledge of the tool’s existence. With a built-in AI dashboard, customers can keep up with AI adoption and be proactive reduce AI security risks.
In addition, Nudge Security displays all of your organization’s OAuth grants, such as those granted by ChatGPT, in a filterable OAuth dashboard that includes grant type (login or integration), activity and risk information. Filter by category to see all grants related to AI tools:
Click on a grant to open the details screen where you can view the risk profile, details about who created the grant and when, access details, areas granted and more:
You can then send a “nudge” to the grant creator via Slack or email to take a specific action, such as capping the grant, or you can immediately revoke the grant in the Nudge Security UI.
Finally, you can configure a custom rule to ensure that you are notified when a user in your organization creates an OAuth authorization for ChatGPT, or any other genAI application for that matter. You can also create rules that will immediately receive notifications when new genAI accounts are created and prompt new genAI users to review and confirm your genAI Acceptable Use Policy.
Balance performance and security
While ChatGPT’s integration with Google Drive and Microsoft OneDrive offers enormous productivity potential, it also opens the door to significant security risks. Organizations must approach this integration with a clear understanding of the potential risks and implement appropriate governance and security measures to mitigate them.
Nudge Security provides the visibility, context, and automation to help companies adopt genAI tools without compromising data security.
Start a free 14-day trial today to immediately discover every genAI application ever introduced to your organization, as well as all the integrations into your other applications.
