Recent news about a legal decision involving The New York Times and OpenAI offers a timely reminder for all of us: be intentional with the information you share when using artificial intelligence (AI) tools such as ChatGPT.

The New York Times recently secured a court order requiring OpenAI to retain ChatGPT logs that users had deleted. While this legal outcome is unlikely to significantly change the broader AI safety landscape, it underscores a critical point: What you enter into AI platforms may not be fully erasable.

What Does This Mean for You?
When using AI tools:

Avoid entering sensitive or confidential information unless you are confident it is safe and appropriate to do so.
Assume persistence: Even if a platform offers deletion options, there may be circumstances where the data is retained or recoverable.
Stay informed about your organization’s guidance, privacy policies, and best practices when using generative AI tools in your work or studies.

Helpful Links

If you have questions or would like guidance on responsible AI usage, please visit the Responsible Use of AI at URI resources page.

The Vendor Security Assessment process ensures that third-party service providers handling URI data meet appropriate security standards. ITS Security conducts these reviews as part of the IT Contract Review process to protect University systems and comply with data protection regulations. This is required for any department contracting with vendors who may store, process, or access sensitive or restricted data.

Executive Lead

Michael Khalfayan

Technical Lead

Michael Khalfayan
mkhalfayan@uri.edu

Support Team

ITS Information Security Office

About the Service:

Features

Risk Review: Evaluates the vendor’s cybersecurity controls and classifies them as low, medium, or high risk.
Compliance Support: Helps ensure URI meets obligations under GLBA, HIPAA, GDPR, PCI DSS, and other regulations.
ERM Integration: Results are shared with Enterprise Risk Management to determine insurance needs.
Third-Party Risk Visibility: Proactively identifies risks associated with data handled outside the University.

Access

Who Can Use: All URI faculty, staff, and administrative units entering into agreements with third-party vendors that involve University data.

How to Access:

Review the IT Contract Review page first.
Submit a Vendor Security Assessment request via the online form.
Requests are reviewed by the Chief Information Security Officer (CISO) and updates are shared throughout the process.

REQUEST IT SECURITY ASSESSMENT

Support and Training

ITS Service Desk: For questions or help submitting your request.

Additional Info: Visit the ITS Security Services page for security policies and guidance.

Qualys is an enterprise-grade vulnerability and web application scanning tool used to detect, assess, and manage security risks across systems and networks. At URI, Qualys plays a key role in our proactive security strategy by routinely scanning administrative networks to identify vulnerabilities before they can be exploited. These scans are conducted from within the URI infrastructure, allowing ITS to monitor, report, and respond to threats efficiently. The platform also includes a Web Application Scanner (WAS), which detects risks such as SQL injection, cross-site scripting (XSS), and other issues identified in the OWASP Top 10.

Executive Lead

Michael Khalfayan

Technical Lead

Andrew Maddock

Support Team

ITS Information Security Office
security@uri.edu

Scans performed with Qualys include:

Network vulnerability scanning
Web application scanning using OWASP Top 10 standards
Detection of threats including SQL injection, XSS, cross-site request forgery (CSRF), and URL redirection

The Qualys WAS helps URI maintain compliance and strengthen security by identifying issues before they impact critical systems and services.

For consultation or more information, contact the ITS Service Desk.

its consultation services with icon of two people with their laptops talking

ITS offers one-on-one consultation services to faculty and staff on a wide range of technology-related topics. Whether you’re planning a project, exploring new tools, or troubleshooting an issue, we’re here to help. Consultation topics may include software selection, infrastructure planning, data security, research computing, classroom technology, and more.

To get started, submit a request through the ITS Service Desk with a brief description of your needs—your inquiry will be routed to the appropriate technical lead for follow-up and scheduling.

Request a consultation

Executive Lead

Varies by Request

Technical Lead

Assigned per topic area

Support Team

ITS Community Services
Service Desk

Be Mindful When Using AI Tools: Your Input May Persist

Executive Lead

Technical Lead

Support Team

About the Service:

Features

Access

Support and Training

Executive Lead

Technical Lead

Support Team

Executive Lead

Technical Lead

Support Team