November 22, 2024
How to Investigate ChatGPT activity in Google Workspace
Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning

Sep 17, 2024The Hacker NewsGenAI Security / SaaS Security

Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning that other genAI tools like Google AI Studio and Claude Enterprise have also added similar capabilities recently. Pretty great, right? Maybe.‍

When you connect your organization’s Google Drive or OneDrive account to ChatGPT (or other genAI tools), you grant it extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, the benefits of this kind of extensive integration come with an array of cybersecurity challenges.

So, how can you find out if employees have enabled the integration between ChatGPT and Google Drive, and how can you monitor which files have been accessed? This post walks through how to do this natively in Google Workspace, and how Nudge Security can help you discover all genAI apps in use, and what other apps they’ve been integrated with.

Where to see ChatGPT activity in Google Workspace

In Google Workspace, there are a couple ways to identify and investigate activity associated with the ChatGPT connection.

From Google Workspace’s Admin Console, navigate to Reporting > Audit and investigation > Drive log events. Here you’ll see a list of Google Drive resources accessed.

You can also investigate the activity via API calls under Reporting→Audit and investigation→ Oauth log events.

‍So, periodically checking your Google Workspace admin console can help you understand what resources are being accessed by ChatGPT, but seeing this activity after it has already happened is of course less valuable than getting alerted as soon as new integrations are created with ChatGPT. This is where Nudge security can help.

How to see all genAI integrations with Nudge Security

Nudge Security discovers all accounts ever created by anyone in your organization for any SaaS application, including ChatGPT and the rapidly expanding list of newly created genAI tools, without requiring any prior knowledge of the tool’s existence. With the built-in AI dashboard, customers can keep up with AI adoption and proactively mitigate AI security risks.

Additionally, Nudge Security surfaces your entire organization’s OAuth grants, such as those granted to ChatGPT, within a filterable OAuth dashboard that includes grant type (sign-in or integration), activity, and risk insights. Filter by category to see all grants associated with AI tools:

Click on a grant to open a detail screen, where you can review a risk profile, details on who created the grant and when, access details, scopes granted, and more:

You can then send a “nudge” to the creator of the grant via Slack or email to take a certain action, like limiting the scope of the grant, or you can immediately revoke the grant from within the Nudge Security user interface.

Finally, you can set up a custom rule to ensure that you are notified when a user at your organization creates an OAuth grant for ChatGPT—or any other genAI app for that matter. You can also create rules to be alerted immediately when new genAI accounts are created, and nudge new genAI users to review and acknowledge your genAI acceptable use policy.

Balancing productivity with security

While the integration of ChatGPT with Google Drive and Microsoft OneDrive offers immense potential for improving productivity, it also opens the door to significant security risks. Organizations must approach these integrations with a clear understanding of the potential risks and implement proper governance and security measures to mitigate them.

Nudge Security provides visibility as well as context and automation to help businesses adopt genAI tools without compromising data security.

Start a free, 14-day trial today to immediately discover all genAI apps ever introduced to your organization along with all integrations into your other applications.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.