Netskope Global Technical Success (GTS)
Netskope controls for ChatGPT Native Client - Windows OS
Netskope Cloud Version - 121
Objective
The purpose of this document is to explore Netskope's capabilities for managing and securing the ChatGPT Native Client on Windows OS.
Prerequisite
Netskope Inline CASB and SWG license is required
Context
ChatGPT is accessible through both its web platform and the Native Client application. While implementing security controls for ChatGPT's web platform is straightforward—thanks to extensive documentation on Netskope's capabilities for applying granular traffic controls.
This document focuses on Netskope's ability to manage and secure the ChatGPT Native Client on Windows OS.
Findings
- Netskope acknowledges ChatGPT as a Cloud Application and provides a pre-defined cloud app connector.
- As of Dec 10, 2024 with Netskope’s ChatGPT predefined connector, customers can exercise control over the following activities:
Image 1
- As of December 10, 2024, the ChatGPT Native Client is available on four platforms:
- Windows
- macOS
- Android
- iOS
- On my Windows OS machine, I downloaded the ChatGPT Native Client from https://openai.com/chatgpt/download/
- After installing and launching the application, I observed that logging in is mandatory to access ChatGPT on the Native Client. In contrast, the ChatGPT web version allows limited access without requiring a login.
Image 2
- After logging in with my personal Gmail account (a non-ChatGPT plus account), I analyzed the transactions on my Netskope tenant. The Login Activity was detected, and Netskope successfully identified that the login was performed via a Google Gmail account. Additionally, Netskope registered the details of the email ID used for the login.
- ChatGPT Native Client landing page -
Image 3
- Another difference I noticed is that the ChatGPT Native Client displays different options on
compared to the ChatGPT web version. Refer Image 4 & 5
Image 4 - ChatGPT Native Client
Image 5 - ChaGPT Web Access
- I created a Realtime policy to block activities such as Post and Upload, and the results are below -
Image 6
Results
Activity - Post
Image 7
Activity - Upload
Image 8
- I also test Netskope DLP on ChatGPT Native Client and the result are below-
DLP Profile is to detect the keyword PAN
Image 9
Results
Activity - Post
Image 10
Activity - Upload (Test File Attached)
Image 11
Conclusion
The chart below illustrates what customers can achieve with Netskope in terms of ChatGPT Web Access and ChatGPT Native Client on Windows OS.
| Checks | ChatGPT Web Access | ChatGPT Native Client |
| Block ChatGPT completely | Yes | Yes |
| Restrict ChatGPT login to selected domains only | Yes | Yes |
| Block Activity - Post Completely | Yes | Yes |
| Block Activity - Upload Completely | Yes | Yes |
| DLP on Activity - Post | Yes | Yes |
| DLP on Activity - Upload | Yes | Yes |
| Controls on API Integration with Google Drive and Microsoft OneDrive | Yes | Yes |
| User Alert | Yes | Yes |
| Activity - Upload ‘File Size detection’ | Yes | Yes |
| Activity - Upload ‘File Name detection’ | Yes | Yes |
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, If any such platform changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
What to Read Next? | |
|---|---|
| All about - ‘Generative AI’ | Link |
| All about - ‘WhatsApp’ | Link |
| All about - ‘Youtube’ | Link |