Writing texts, programming, data-assisted troubleshooting: the use of AI-based language models (LLMs) by companies and employees opens up a lot of potential. It is worth taking a closer look at the different application models, both for their effectiveness and for their security and data protection. Cloud-based LLMs in particular pose risks in the area of data protection.
Narrowin develops frameworks and prototypes for the secure and trustworthy use of LLMs - be it through anonymization or through the operation of local "on prem" solutions. The latter allow companies to retain control over their data. As part of an innovation project ('Cyber Regulatory Co-Pilot') funded by the federal government (Innosuisse), we are also working with FHNW to investigate the key problems and solutions in this context. By addressing data protection and security concerns, companies can strengthen customer trust, minimize security risks and ensure compliance with data protection regulations.
Employees using AI tools like ChatGPT can present certain risks to a company, even if they remove company names and other identifiers. Some examples:
IP Address Tracking: While individual IP addresses might not directly identify a company, patterns in IP addresses can be correlated with specific organizations, especially if the IP addresses are associated with a company's office or VPN.
Correlation of Questions and Data: Even if company names are removed, the content and context of the questions and data can provide significant clues about the company. Specific terminology, project details, or industry-specific information can be enough to deduce the company or the sector in which it operates.
Accidental Disclosure of Sensitive Information: Employees might inadvertently share sensitive information or ask questions that reveal proprietary or confidential details. This could include strategies, internal processes, financial information, or intellectual property.
Data Aggregation: Over time, multiple queries from the same company can be aggregated, painting a detailed picture of the company's operations, challenges, and strategies. This aggregated data can be valuable and sensitive.
Security Risks: There is always a risk of data breaches or misuse of the information by the cloud service provider. If the provider's systems are compromised, the data shared by employees could be exposed.