How to prevent AI from leaking your company’s confidential data

    The opinions of contributing entrepreneurs are their own.   </p><div>

Within months of its launch in November 2022, ChatGPT began to make its mark as a formidable tool for writing and optimizing code. Invariably, some engineers at Samsung liked the idea of ​​using AI to optimize a specific piece of code that they had been struggling with for a while. However, they forgot to note the nature of the beast. AI simply doesn’t forget; it learns from the data it works with, quietly becoming part of its knowledge base.

When the disclosure of proprietary code was discovered, Samsung immediately issued a memo explicitly stating this forbidden the use of generative AI tools. And they had good reasons for that. The typical loss estimated from such data exposure can be in the millions and lead to loss of competitive advantage.

Understanding the hidden risk

How AI tools differ from traditional software:

Most of us are used to working with traditional software. We share all the data we want with them, and the results are private to us. Predictably, corporate employees pay little attention to the type of data they share, expecting standard access controls to cover any security risks.

In stark contrast, AI systems tend to absorb every piece of data we share with them. Every code snippet, every document, and even our prompts are used to inherently improve system results. This leads to the permanence problem, because the data that AI absorbs is technically accessible to outsiders, especially if you use a publicly accessible AI platform.

Moreover, in AI you really don’t have a Delete button unlike traditional software, where you can just delete all your data. AI systems contain lessons that cannot be removed because they ultimately become part of the knowledge corpus and are inextricably linked to the model itself.

Consider a hypothetical scenario: Over the years of intensive research and experience, your organization has built a formidable M&A strategy. What happens when this highly privileged information becomes public knowledge? You would face a serious loss of competitive advantage. The same can happen for a software company if its product roadmap or the source code for its product becomes public. Now the risks may even extend to the future of the company and its existence.

The 3 Critical Policies Every Business Must Implement

1. Create a crystal clear and acceptable policy for AI use

One of the best safeguards against AI-related leaks is a clear policy document, written in simple language, explaining what can be shared with AI systems and what cannot be shared under any circumstances. The policy should be crystal clear and include examples to show different scenarios.

Typical examples of explicitly prohibited data include source code, product roadmaps, proprietary frameworks, identifiable customer data, and financial data, to name a few. Depending on your business and what you consider critical, you should clearly define what type of data employees should avoid when working with AI systems.

Next, you should also ensure that strict non-disclosure agreements are in place and that compliance standards require employees to inform seniors and security teams about the release of any new type of data to AI systems. Combine this with consequences for violating the policy, which can range from mandatory training to even termination based on the level of egregious behavior.

2. Implement enterprise-level AI solutions with data auditing

Public AI platforms, such as ChatGPT, often pose an open risk to companies. Instead, you should invest in enterprise versions of AI systems, such as ChatGPT Enterprise, which provide a secure environment with the explicit promise that they won’t train their models on your proprietary data and strong encryption. You can also run solutions like Azure OpenAI Service from your private instance or secure cloud.

While dedicated enterprise versions and private instances may cost more, the investment in providing your employees with a secure AI platform simply pales in comparison to the enormous costs you may incur due to exposure to critical data.

3. Implement robust technical safeguards and regular monitoring

Now you can’t just implement a policy and hope everyone will follow it. That’s why it’s important to implement technical controls through data loss prevention tools. These systems are designed to recognize patterns and can issue an alert when proprietary information such as source code, credit card numbers, or even frameworks are entered into the AI ​​console. In addition, you should conduct regular IT audits of AI use by employees to prevent accidental leaks.

At the same time, you need to provide a solution for typical use cases depending on the nature of your business. For example, if your team often needs AI help for effective coding, make sure you have tools like GitHub Copilot for Business installed with the right security measures in place.

Implement a cultural shift through continued awareness

When it comes to preventing data breaches through AI systems, annual training modules or email policy reminders are not enough. You need AI champions in your organization to liaise with different teams and alert them to different vulnerabilities, real examples and best practices. Furthermore, ensure an open environment in which employees can report their mistakes or possible near misses without this leading to punitive measures.

The use of AI in organizations is now becoming inevitable and companies must strike a balance between innovation and data security. As a leader, you must take a proactive approach by creating a framework that enables innovation while protecting critical organizational data. This will help you gain a competitive advantage over your peers who vacillate between absurd bans and open AI use.

Sign up for the Entrepreneur Daily newsletter and get the news and resources you need today to help you run your business better. Receive it in your inbox.