The new capability ensures employees use only corporate ChatGPT accounts, preventing confidential data leakage through personal AI tools
eScan,a leading cybersecurity solutions provider, has introduced an advanced tenant control feature for ChatGPT within its Enterprise DLP platform. The new capability directly addresses one of the biggest barriers to enterprise AI adoption: the risk of sensitive data leaking through unmanaged personal AI accounts.
As enterprises increasingly adopt ChatGPT, a critical gap has emerged. Even when organizations procure ChatGPT Enterprise licenses for their workforce, employees can still access ChatGPT using personal accounts via Google, Apple, or Microsoft authentication providers, completely bypassing corporate oversight and creating ungovernable data risks.
The Data Sovereignty Problem
When employees use personal ChatGPT accounts for work-related queries, organizations lose all visibility and control over what information gets shared. Unlike corporate accounts where IT teams can access conversation logs through compliance tools, personal account usage creates blind spots that compliance and security teams cannot monitor or remediate.
This isn’t theoretical risk. Consider recent incidents where confidential information found its way into AI systems. Samsung discovered employees had accidentally leaked proprietary semiconductor designs and meeting notes into ChatGPT. A law firm faced scrutiny when attorneys used personal AI accounts to analyze confidential client documents. In each case, the data entered personal AI platforms where organizations had no ability to retrieve, audit, or ensure proper handling.
“This capability directly addresses what CIOs tell us keeps them up at night. They know their employees are using AI tools regardless of policy.”
–Govind Rammurthy, CEO at eScan
The challenge becomes more acute as AI adoption accelerates. Organizations recognize that tools like ChatGPT, Claude, and other AI interfaces dramatically improve productivity – Microsoft reports that knowledge workers using AI assistants save an average of 90 minutes per day. Yet adoption remains cautious. IBM’s 2024 Global AI Adoption Index found that 65% of enterprises cite data security and privacy as their primary barrier to AI deployment.
How the Solution Works
eScan’s Enterprise DLP already offers Workspace Tenant Control across major platforms such as Google Workspace, Microsoft 365, Dropbox, Atlassian, Slack, Webex, and many others. When employees attempt to access these platforms using personal credentials, the system blocks the login attempt. Authentication succeeds only when employees use their corporate domain credentials, maintaining workflow while ensuring data sovereignty.
The ChatGPT tenant control extends this capability to AI platforms. When an employee attempts to authenticate to ChatGPT, the eScan DLP system monitors the OAuth authentication flow. If the user attempts to authenticate via personal Google, Apple, or Microsoft identity providers, the DLP intercepts and blocks the authentication API request. Only authentication through corporate domain credentials – linked to the organization’s ChatGPT Team or Enterprise workspace – is permitted.
This approach solves multiple problems simultaneously. Employees can still use ChatGPT productively for legitimate work purposes. Organizations maintain complete visibility through their ChatGPT Enterprise compliance capabilities. Security teams can audit AI usage patterns. And most critically, confidential information stays within corporate-controlled environments where proper data handling policies apply.
Why This Matters Now
The deployment comes as organizations worldwide grapple with AI governance. Gartner predicts that by 2026, enterprises without comprehensive AI data governance will face three times more data breaches related to AI usage than those with proper controls. The challenge isn’t preventing AI use – that ship has sailed. The challenge is channelling AI use into controlled environments.
“This capability directly addresses what CIOs tell us keeps them up at night,” said Govind Rammurthy, CEO of eScan.“They know their employees are using AI tools regardless of policy. The question is whether that usage happens in corporate accounts where security teams have visibility, or in personal accounts that create ungovernable risk.” The feature is now part of eScan’s Enterprise DLP solution, with support for additional AI platforms planned based on customer requirements. As AI tools proliferate and become embedded in daily workflows, the ability to ensure corporate data sovereignty across these platforms becomes not just a security feature but a fundamental requirement for responsible AI adoption.
