[bretticus]

Why? It’s a valid concern in my opinion. You’re feeding OpenAI your intellectual property and just hoping they don’t do anything with it. I have the same concerns with Microsoft’s TypeScript playground

[Karawebnetwork]

It is a valid concern if you send an entire list of confidential data and ask it to transform that list. However if you ask ChatGPT some questions about coding in general it's no different than searching online.

[DANmode]

Unless you feed it your proprietary code — something Samsung chip fabrication employees actually did.

[makeitdouble]

This comes down to whether you trust your whole organization to act be educated about these issues and be good at judging what's ok.

At the size of Samsung that's just an impossible move, and it's easier to blanket ban a problematic service and have employee request exceptions justifying their use case.

BTW I've been in companies that blanket ban posting stuff online, and got posts security reviewed when asking help on vendor community forums. That's totally a thing.

[armchairhacker]

It's like WFH/in-office. Some people care and some don't, you're removing the ones who care.

Personally I haven't used GPT much so I wouldn't mind, but banning copilot would make me reconsider.

[golergka]

Yes, 20 lines of transforming jsons from one form to another are exactly what OpenAI employees are looking for in all the data they're gathering. How will my company survive after they get their hands on this?

[babyshake]

Good opsec/appsec requires doing things that seem unnecessary. And it depends on the context. Passing a private key or raw text customer password to any type of online tool is never a good idea.

[intelVISA]

You'd be surprised how much load bearing software could be reduced to 20 lines of data transforms, or less.