Nightfall Chrome Plugin Deployment Guide
A deployment guide to manage ChatGPT through Nightfall browser plugin.
Introduction
The Nightfall browser extension is a simple yet effective way to monitor usage of ChatGPT in your organization. This guide describes how to successfully deploy Nightfall DLP so that you can stop data sprawl, plug data leaks, and ensure continuous compliance. You will learn how to:
Scan for any sensitive data (such as PII, PHI, PCI, credentials, or proprietary code) before submitting your prompt.
Review AI-generated responses for any sensitive data that may come from third parties.
Evaluate AI-generated responses for accuracy, vulnerabilities, or malicious code before implementing them into your workflow.
Prerequisites
For a seamless deployment, we recommend having the following:
Ability to manage browsers via the Google Admin console, a Mobile device management (MDM) tool, or group policies
To capture the full user context (who is using ChatGPT), the Nightfall browser extension requires each employee to log in. Today, the Nightfall browser extension supports these login flows:
Google SSO: Google SSO is supported out of the box by Nightfall to log in to the ChatGPT extension. An auto-login is performed when the employee navigates to chat.open.ai and is currently logged into a Chrome profile associated with their work email.
Azure Active Directory (AAD): Microsoft AAD is supported out of the box by Nightfall to log in to ChatGPT.
OIDC-Based SSO: SAML SSO-based login requires additional configuration by Nightfall, based on your identity provider. Please contact support@nightfall.ai to enable SAML-based login to the ChatGPT extension. Additionally, you must have administrator access to the identity provider being used.
Step 1: Set up the Nightfall Environment
Reference the "How to" page Create a Policy
Enable the integration by connecting with your Nightfall customer success manager or email support@nightfall.ai
Click the Policies tab on the left-sidebar
Select the + Add new policy and select ChatGPT
Follow the configuration steps to create a new policy
For testing, we recommend adding either the SSN, Credit Card or API Key detectors at Very Likely.
Step 2: Install and test the Nightfall Chrome Extension
Reference “How To” page: Install the Nightfall DLP for ChatGPT extension
Google Chrome Marketplace:
Open Google Chrome and on the top right, log into your work-managed Google Chrome profile (This is an optional step but will expedite the process).
Navigate to the Chrome marketplace listing
Click + Add to Chrome and Add Extension.
ChatGPT:
Navigate to ChatGPT and log into any existing ChatGPT account, this can be a personal or work-associated account.
If you did not complete step 1 above, proceed to log in to the Nightfall Chrome extension via Google or Microsoft SSO in order to continue using ChatGPT.
Once logged into both ChatGPT and the Nightfall chrome extension, the Nightfall logo should appear next to the submit button.
Enter in sample sensitive data, here is a Nightfall page of sample test data
Note: The data should match the detection rules that were added in the policy
Validate that a Nightfall prompt appeared which highlighted the data in question
Continue submitting the redacted or original text to trigger a violation
Nightfall:
Click the Violations tab in the left-sidebar
Open the latest ChatGPT violation and inspect the findings
You have successfully installed and tested ChatGPT. Please continue testing the integration to ensure a smooth rollout process. Please see Step 4 for more details on deployment methods and best practices.
Step 3: Inform your organization about Nightfall DLP for ChatGPT
With the rollout of a new security tool, there requires a level of employee visibility and education. We have compiled a list of resources that can be used to inform your organization about Nightfall for ChatGPT.
Step 4: Rollout the Nightfall Chrome extension to your organization
As a best practice, we recommended rolling the integration in a crawl, walk, run approach. Below is an ideal deployment timeline that was designed after working with a number of our customers.
Ideal Deployment Timeline:
Week 1: Rollout to SecOps team for testing
Week 2: Rollout to IT and InfoSec team for testing
Week 3: Rollout to 50% of the company
Week 4: Rollout to 75% of the company
Week 5: Rollout to 100% of the company
Deployment Methods:
Since the browser extension requires complete coverage on all employee browsers, there are a few options for how this can be done. We recommend working with your IT admin and understanding which is the best way to roll out the extension given your company’s ecosystem.
Option 1: Force install the extension to a subset of users via the Google admin console
Option 2: Use an MDM solution to rollout the extensions across your chromium browsers
Option 3: Require employees to manually install the extension to allow the usage of ChatGPT in your organization
Last updated