CISA issues insider threat guidance amidst AI misuse concerns - SC Media

Coverage from The Register indicates that the US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance on mitigating insider threats, a move that has drawn attention due to recent reports of a senior CISA official uploading sensitive documents to ChatGPT. CISA has identified insider threats as a significant risk to organizational security and has published an infographic to help critical infrastructure entities establish multi-disciplinary insider threat management teams. These teams are intended to include human resources, legal, security, and IT personnel to monitor for and intervene in potential threats. This guidance was released shortly after reports surfaced that acting CISA Director Madhu Gottumukkala uploaded sensitive contracting documents to a public version of ChatGPT, bypassing automated security warnings. While CISA confirmed the use of the AI chatbot was under a temporary exception with DHS controls, the incident highlights the potential for data leakage when using public AI tools. Source: The Register