June Newsletter - Secure ChatGPT with Pangea

Pranav Shikarpur
This article was written by author Luke Stahl

ChatGPT is all the buzz these days, but have you ever wondered what happens to the data you feed into it? Our VP of Products, Rob Truesdell, wrote this blog about using Redact, Audit Log, AuthN, Domain, and URL Intel to amp up security around generative AI. While these generative AI models can be beneficial in answering questions and solving problems, they are constantly training on input data. Inputs, including source code, personal information, or malicious IPs, are fed in and resurface later, which can result in PII exposure or a data breach.

To combat this, we’ve developed an Open Source ChatGPT project that demonstrates how safeguards can be put in place to give your users access to the powerful capabilities of generative AI models such as ChatGPT. Using Pangea and ChatGPT, PII is appropriately redacted, malicious domains are flagged, and that activity can be recorded in a secure audit log. To help you, we created this video to walk you through our Next.js sample app that adds a security layer on top of ChatGPT.

Product Updates

IP Intel with Team Cymru - General availability - Collaborating with Team Cymru, our IP Intel services are now generally available. Developers can utilize Team Cymru’s security dataset, which includes bot detection and more, via our convenient pay-as-you-go model. Protect your cloud apps and prevent connections from known active bot IPs!

User Intel with SpyCloud - General availability - User Intel is a powerful service that provides awareness of compromised usernames and passwords. This information helps protect users of your app and prevent misuse/abuse of known compromised accounts. User Intel is now a GA service and approved for production usage.

Redact - New redaction methods - Our Redact service now allows rules to use "detect only" and hashing as redact settings. With the "detect only" option, a rule identifies the sensitive data (so "count" is incremented) but does not redact it. This lets users test a new rule while other rules continue to redact. Hashing replaces sensitive data with a hash, so the replacement is unique to what is being removed. Users can observe unique pieces of data without revealing the data itself.
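The difference between the two new settings, as an added Python sketch that is not Pangea's code or API: the rule names, patterns, token format and the use of a keyed HMAC-SHA256 for the hash are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed rules (name, pattern, method); not Pangea's rule set.
# "mask" stands for ordinary replacement; the other two are the new settings.
RULES = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "hash"),
    ("US_SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "mask"),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "detect_only"),
]

def redact(text, key, rules=RULES):
    """Return (redacted_text, count). Detect-only matches are counted but kept."""
    count = 0

    def make_repl(name, method):
        def repl(match):
            nonlocal count
            count += 1
            if method == "detect_only":
                return match.group(0)  # reported, not removed
            if method == "hash":
                # Keyed hash: equal inputs give equal tokens, and the token
                # cannot be recomputed from a guessed value without the key.
                mac = hmac.new(key, match.group(0).encode(), hashlib.sha256)
                return f"<{name}:{mac.hexdigest()[:12]}>"
            return f"<{name}>"
        return repl

    for name, pattern, method in rules:
        text = pattern.sub(make_repl(name, method), text)
    return text, count

# Constructed sample input.
SAMPLE = ("alice@example.com signed in from 203.0.113.7 (SSN 123-45-6789). "
          "alice@example.com then reset her password.")

if __name__ == "__main__":
    print(redact(SAMPLE, b"constructed-demo-key"))
```

Both occurrences of the same address map to one token, so a reviewer can correlate events per user without seeing the address, while the detect-only IP rule contributes to the count and leaves the text unchanged.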

AuthN - IP allow list - AuthN now supports restricting access to specific IP addresses, ranges, or subnets. Restricting access is helpful if you want to permit only logins from specific networks or IP endpoints, which is typical for apps handling a company’s sensitive information like intellectual property.

PUC security insights - For services that provide data to help prevent potential breaches or attacks, Pangea User Console (PUC) security insights are now shown in the service dashboards, which report on the detected threats. For example, for the Intel services' /reputation endpoint, security insights show how many potentially malicious threats were observed when that endpoint was executed. For the Redact API, the number of redacted occurrences is reported in the Redact service dashboard. These give you regular awareness of how often risky activity occurred within the app and was deterred by using Pangea APIs.

C# SDK - Now available in Beta - This package helps .NET developers use Pangea's Audit Log service in their applications. The following SDK is currently available in Beta.

SDK Examples update - GitHub repo - We now have a "defang" sample using URL and Domain Reputation checks. Using Domain or URL reputation, users typically make malicious URLs non-clickable. Given this use case, the "defang" example code is available in the Python SDK Examples.
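What defanging on a reputation verdict looks like, as an added Python sketch that is not the sample from the SDK Examples repo: the `VERDICTS` table is constructed and stands in for the results of Domain or URL reputation lookups, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed verdicts standing in for Domain/URL reputation results.
VERDICTS = {
    "login-update.example": "malicious",
    "docs.example.org": "benign",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TRAILING = ".,;:!?)"  # sentence punctuation that is not part of the URL

def defang(url):
    """Rewrite scheme and host so the URL is no longer clickable."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]
    return f"{scheme}://{host}{rest}"

def defang_flagged(text, verdicts=VERDICTS):
    """Defang only URLs whose host has a bad verdict; leave the rest intact."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(TRAILING)
        tail = raw[len(url):]
        host = (urlsplit(url).hostname or "").lower()
        if verdicts.get(host) in ("malicious", "suspicious"):
            return defang(url) + tail
        return raw
    return URL_RE.sub(repl, text)

# Constructed sample message.
SAMPLE = ("See http://login-update.example/reset?id=1, "
          "docs at https://docs.example.org/guide.")

if __name__ == "__main__":
    print(defang_flagged(SAMPLE))
```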

Pangea's Equator

Pangea - User Intel Service powered by SpyCloud

Users' credentials are critical to an application’s security. Keeping credentials safe protects you from data breaches, pivot attacks, and more. We’ve partnered with SpyCloud, the leader in discovering breached credentials, to provide security intelligence related to users. Watch our video walkthrough to help you get started. Watch now.

Determine what data to include in Audit Records and how to organize it

Want a deep dive into what audit log records are or the categories of data that are useful to include in an audit log? We created this article to give you more insights and answer questions you may have about audit logging and audit log schemas. Read more.

Selecting data items to include in your Audit Log

Do you know the criteria for selecting fields for audit log records? This article breaks down everything you need to know about audit record fields. Read more.

We’re growing. Here are some roles we are hiring for!

For more openings, view our careers page!

That’s it for June!

We wanted to share some exciting news - our hackathon winners have been announced, and you can visit our hackathon gallery to see all the great submissions. We are so thankful for everyone that participated.

Visit our documentation for more starter guides and to learn how to secure your next application using Pangea. Follow us on Twitter and join our community Slack channel. We have a team of developers ready to help support your next project and answer any questions you have.
