Unless you’ve been hiding under a rock for the past eight months, you’ve probably heard that large language models (LLMs) and generative AI change everything. Companies are eager to adopt the likes of ChatGPT to augment their human workforce or replace it entirely. But in addition to the unemployment impact and the ethical implications of biased models, these new forms of AI come with data security risks that enterprise IT departments are only beginning to understand.
In his December 2016 keynote speech at the Data + AI Summit, Matei Zaharia, CTO and co-founder of Databricks and creator of Apache Spark, said on Tuesday, “Every company on the planet has to overcome difficult technical challenges. We’re just looking at the problem and slapping LLM. How many bosses have asked you to do this? Like almost everyone here.”
Corporate boards are definitely aware of the potential impact of generative AI. A study conducted by Harris Poll on behalf of Insight Enterprises found that 81% of large companies (1,000+ employees) have established, implemented, or are developing a generative AI policy or strategy.
“The pace of exploration and adoption of this technology is unprecedented,” Matt Jackson, global chief technology officer at Insight, said in a press release on Tuesday. “People are sitting in conference rooms and virtual rooms discussing how generative AI can help them meet short-term business goals while trying to avoid disruption by faster and more efficient adopters.”
No one wants to be caught still figuring out how to monetize generative AI while being superseded by faster-moving companies. At the moment that seems like a clear possibility. But there are other possibilities too, such as losing control of your private data, having your Gen AI hijacked, or having your Gen AI apps contaminated by hackers or competitors.
Inherent security risks that LLM users should be aware of include prompt injection, data exfiltration, and unauthorized code execution. These are among the top risks in the OWASP Top 10 for Large Language Model Applications, published by the Open Worldwide Application Security Project (OWASP), an online community dedicated to raising awareness of security vulnerabilities.
Data leakage, where an LLM inadvertently reveals potentially personal information that was used for training, has long been a documented concern, but since the debut of ChatGPT in late 2022 that concern has been overshadowed by the Gen AI hype. Attackers may also craft specific prompts designed to extract such information from Gen AI apps. To prevent data leakage, users should implement protections such as output filtering.
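The output filtering the paragraph above recommends is easier to reason about with a concrete shape in front of you. The following is an added example, not code from the article or from any vendor it mentions: it sits between the model and the user, redacts strings shaped like personal data or credentials, and withholds any response that reproduces a run of words verbatim from a constructed "confidential" corpus (the kind of training or retrieval data an extraction prompt tries to pull out). The regexes, the corpus, the 8-word threshold and the refusal message are all illustrative assumptions.

```python
"""
Added example (not from the article): a minimal output filter for an
LLM-backed application. It runs on the model's response before the
response is returned to the user and
  (1) redacts tokens that look like PII or credentials, and
  (2) blocks the response if it reproduces a run of NGRAM words verbatim
      from a constructed corpus of confidential source material.
Patterns, corpus and threshold are illustrative assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed stand-in for internal documents used in fine-tuning or
# retrieval that must never be echoed back to a user.
CONFIDENTIAL_CORPUS = [
    "Q3 regional sales fell 12 percent in the Nordics due to the Oslo contract loss",
    "Project Falcon launch is scheduled for 14 November pending board approval",
]

# Shapes of common PII / secrets. Illustrative, not exhaustive.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # Constructed key shapes (an 'sk-' prefix or an 'AKIA' prefix
    # followed by a long alphanumeric tail).
    "api_key": re.compile(r"\b(?:sk-|AKIA)[A-Za-z0-9]{16,}\b"),
}

NGRAM = 8  # consecutive words that count as verbatim reproduction (assumption)


@dataclass
class FilterResult:
    text: str
    redactions: list = field(default_factory=list)   # (label, matched string)
    leaked_ngrams: list = field(default_factory=list)

    @property
    def blocked(self) -> bool:
        return bool(self.leaked_ngrams)


def _normalize(s: str) -> list:
    """Lower-case and split into alphanumeric words so punctuation/case
    differences do not defeat the verbatim check."""
    return re.findall(r"[a-z0-9]+", s.lower())


def _ngrams(words: list, n: int) -> set:
    return {" ".join(words[i:i + n]) for i in range(len(words) - n + 1)}


# Precompute the corpus n-grams once at import time.
_CORPUS_NGRAMS = set()
for _doc in CONFIDENTIAL_CORPUS:
    _CORPUS_NGRAMS |= _ngrams(_normalize(_doc), NGRAM)


def filter_output(response: str) -> FilterResult:
    """Redact PII/secret-shaped tokens, then check for corpus leakage."""
    result = FilterResult(text=response)
    for label, rx in PATTERNS.items():
        matches = rx.findall(result.text)
        if matches:
            result.redactions.extend((label, m) for m in matches)
            result.text = rx.sub(f"[REDACTED {label.upper()}]", result.text)
    # Leakage check runs on the original response so redaction cannot
    # mask an overlap with the corpus.
    result.leaked_ngrams = sorted(_ngrams(_normalize(response), NGRAM) & _CORPUS_NGRAMS)
    if result.blocked:
        # Never return the overlapping content; the caller can log
        # result.leaked_ngrams for investigation.
        result.text = "[Response withheld: it reproduced confidential source material]"
    return result


if __name__ == "__main__":
    for sample in (
        "Contact jane.doe@example.com, SSN 123-45-6789, key sk-abcdefghijklmnopqrstuvwxyz",
        "As our documents say, Q3 regional sales fell 12 percent in the Nordics due to the Oslo contract loss.",
        "Regional sales fell slightly last quarter.",
    ):
        r = filter_output(sample)
        print(f"blocked={r.blocked} redactions={len(r.redactions)} -> {r.text}")
```

Redaction and the verbatim check are deliberately separate: redaction handles leakage of structured values the model may have memorised, while the n-gram overlap catches prose regurgitation that no regex would recognise. In a real deployment the corpus n-grams would be hashed and stored outside the application process, and blocked responses logged with the prompt that produced them, since a cluster of such events is the signal that someone is probing the app with extraction prompts.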
Using OpenAI, Google, or Microsoft APIs to share your company’s raw sales data might seem like a great way to get halfway decent off-the-shelf reports, but there is also a risk of intellectual property (IP) disclosure that users should be aware of. In a Wednesday editorial in the Wall Street Journal titled “Don’t Let AI Steal Your Data,” Appian CEO Matt Calkins urged companies to be cautious about sending private data to the cloud.
“Recently, a financial analyst friend of mine asked ChatGPT to write a report,” Calkins wrote. “Within seconds, the software produced a passable document that the analyst thought would be admired. On the contrary, his boss was furious. is it?”
LLMs and Gen AI apps can put together marketing pitches and sales reports like your average copywriter or business analyst, but there is a big caveat: there is no guarantee that your data will remain private.
“Enterprises are learning that large language models are powerful but not private,” writes Calkins. “For technology to provide valuable feedback, it must first be provided with valuable information.”
The folks at Databricks have also heard that concern from customers, and it’s one of the reasons they acquired MosaicML for $1.3 billion on Monday and released Databricks AI yesterday. The company’s CEO, Ali Ghodsi, has professed to be a proponent of the democratization of AI, which today seems to mean owning and running your own LLM.
“Every time I have a conversation, customers say, ‘I want to control the IP, I want to lock down the data,’” Ghodsi said at a news conference on Tuesday. “Companies want to own the model. They don’t want someone to use only one model that he offers because that is intellectual property and competitiveness.”
Ghodsi likes to say that every company is becoming a data and AI company, but not all companies will become data and AI companies in the same way. Development of high-quality custom LLMs is likely to be led by large companies. MosaicML co-founder and CEO Naveen Rao said Tuesday that building a custom model costs hundreds of thousands of dollars, compared with what Google and OpenAI spend training giant models.
But even as companies like MosaicML and Databricks make custom LLMs easier and more affordable to build, smaller businesses without the funding or technical resources will most likely rely on pre-built LLMs running in the public cloud and upload their prompts there. As with any other SaaS application, you pay a subscription to access the API. These companies need to be aware of the risks this poses to their private data and intellectual property.
There is evidence that businesses are beginning to recognize the security risks posed by new forms of AI. The Insight Enterprises survey found that 49% of respondents said they were concerned about the safety and security risks of generative AI, second only to quality and management. That outranked concerns about the limits of human innovation, costs, and legal and regulatory compliance.
The Gen AI boom could benefit the security business. According to global telemetry data collected by Skyhigh Security (formerly McAfee Enterprise) for the first half of 2023, approximately 1 million of the company’s users accessed ChatGPT through corporate infrastructure. The company says that between January and June, the number of users accessing ChatGPT through its security software increased by 1,500%.
“Protecting corporate data in SaaS applications like ChatGPT and other generative AI applications is the purpose of Skyhigh Security,” said Anand Ramanathan, chief product officer of Skyhigh Security, in a press release.