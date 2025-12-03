eScan has introduced an advanced tenant control feature for ChatGPT within its Enterprise DLP platform. The new capability directly addresses one of the biggest barriers to enterprise AI adoption: the risk of sensitive data leaking through unmanaged personal AI accounts.

As enterprises increasingly adopt ChatGPT, a critical gap has emerged. Even when organisations procure ChatGPT Enterprise licenses for their workforce, employees can still access ChatGPT using personal accounts via Google, Apple, or Microsoft authentication providers, completely bypassing corporate oversight and creating ungovernable data risks.

The data sovereignty problem

When employees use personal ChatGPT accounts for work-related queries, organisations lose all visibility and control over what information gets shared. Unlike corporate accounts where conversations can be audited through compliance APIs, personal account usage creates blind spots that compliance and security teams cannot monitor or remediate.

This isn’t theoretical risk. Consider recent incidents where confidential information found its way into AI systems. Samsung discovered employees had accidentally leaked proprietary semiconductor designs and meeting notes into ChatGPT. A law firm faced scrutiny when attorneys used personal AI accounts to analyse confidential client documents. In each case, the data entered personal AI platforms where organisations had no ability to retrieve, audit, or ensure proper handling.

The challenge becomes more acute as AI adoption accelerates. Organisations recognise that tools like ChatGPT, Claude, and other AI interfaces dramatically improve productivity. Microsoft reports that knowledge workers using AI assistants save an average of 90 minutes per day. But adoption remains cautious – IBM’s 2024 Global AI Adoption Index found that 65% of enterprises cite data security and privacy as their primary barrier to AI deployment.

How the solution works

eScan’s Enterprise DLP already offers Workspace Tenant Control across major platforms such as Google Workspace, Microsoft 365, Dropbox, Atlassian, Slack, Webex, and many others. When employees attempt to access these platforms using personal credentials, the system blocks the login attempt. Authentication succeeds only when employees use their corporate domain credentials, maintaining workflow while ensuring data sovereignty.

The ChatGPT tenant control extends this capability to AI platforms. When an employee attempts to access ChatGPT, the DLP system verifies the authentication method. If the user tries to authenticate via personal Google, Apple, or Microsoft accounts, access is blocked. Only corporate domain credentials – linked to the organisation’s ChatGPT Enterprise or Business workspace – are permitted.

This approach solves multiple problems simultaneously. Employees can still use ChatGPT productively for legitimate work purposes. Organisations maintain complete visibility through their ChatGPT Enterprise compliance capabilities. Security teams can audit AI usage patterns. And most critically, confidential information stays within corporate-controlled environments where proper data handling policies apply.

Why this matters now

The deployment comes as organisations worldwide grapple with AI governance. Gartner predicts that by 2026, enterprises without comprehensive AI data governance will face three times more data breaches related to AI usage than those with proper controls. The challenge isn’t preventing AI use – that ship has sailed. The challenge is channelling AI use into controlled environments.

“This capability directly addresses what CIOs tell us keeps them up at night,” said Govind Rammurthy, CEO of eScan. “They know their employees are using AI tools regardless of policy. The question is whether that usage happens in corporate accounts where security teams have visibility, or in personal accounts that create ungovernable risk.”

The feature is now part of eScan’s Enterprise DLP solution, with support for additional AI platforms planned based on customer requirements. As AI tools proliferate and become embedded in daily workflows, the ability to ensure corporate data sovereignty across these platforms becomes not just a security feature but a fundamental requirement for responsible AI adoption.