Mar. 27, 2024

Welcome to the GPT Store – and Its Three Million Security Uncertainties

OpenAI expanded its ecosystem in January 2024 with the launch of its new transformative GPT Store (Store) that allows subscribers to use and share custom chatbots. The standalone GPTs in the Store have capabilities for tasks like booking flights, summarizing a collection of PDFs or assisting negotiations – extending beyond the pre-loaded ChatGPT and DALL-E functions. In three months, the Store has attracted three million GPTs. This article examines the Store’s top security issues, including sizable third-party perils, and identifies key priorities for compliance professionals and company engineers for mitigating the risks of the new GPT app marketplace. It also suggests resources for cyber compliance professionals to monitor security concerns around large language models. See “Dos and Don’ts for Employee Use of Generative AI” (Dec. 6, 2023).

Checklist Covering CSRB Recommendations on Five Areas for Strengthening Cyber Defenses

A report released by the Cyber Safety Review Board (CSRB) in 2023 (Report) framed five critical spheres for cybersecurity improvement based on weaknesses leveraged by Lapsus$ during attacks carried out in 2021 and 2022. Organizations can use this checklist, derived from the Report and incorporating related commentary from Manatt partner Paul H. Luehr, to strengthen measures in areas the Report highlighted, including identity and access management, building resilience, mitigating third-party risk, mitigating telecommunications vulnerabilities and addressing law enforcement challenges. For in-depth coverage of the Report, see our two-part series “CSRB Report on Lapsus$ Attacks”: Key Takeaways and Law Enforcement Cooperation (Sep. 20, 2023), and Moving Beyond MFA, Building Resilience and Mitigating Third-Party Threats (Sep. 27, 2023).

SEC’s 2024 Regulatory Focus

The SEC remains aggressive on rules, exams and enforcement, but its pace of rulemaking has slowed somewhat due to legal challenges, said ACA Group (ACA) global advisory leader Carlo di Florio. This article synthesizes insights delivered by di Florio and his ACA colleagues during a firm program on top-of-mind regulatory issues for investment advisers and broker-dealers. The topics covered included AI, off-channel communications, cybersecurity, compliance technology, and environmental, social and governance investment. See “SEC Director Offers Clarification on New Cyber Disclosure Regime” (Jan. 3, 2024).

Biometric Privacy Team Moves to Blank Rome

Three litigators focused on biometric privacy have joined Blank Rome in its Chicago office. Daniel Saeedi, who will co-lead the firm’s biometric privacy team, and Rachel Schaller arrive as partners, along with associate Gabrielle Ganze. The trio joins from Taft Stettinius & Hollister. For commentary from Blank Rome, see our two-part series on the shifting BIPA landscape: “Notable Trends and Developments” (Sep. 7, 2022), and “Avoiding Liability” (Sep. 14, 2022).