How is your organization tackling the seemingly Wild West in regard to data security for these rapidly expanding LLM AI platforms? We are working with an existing (in production) application vendor who is terminating the use of their own internal AI engine in favor of OpenAI via API. The OpenAI terms clearly state that they will not warrant that our content will be secure or not lost, which is a non-starter for us.

Security & GRCSecurity Strategy & Roadmap
549 viewscircle icon2 Comments
Sort by:
CIO in Consumer Goods3 years ago

It is emerging large ecosystem, ideally we should chart out our core strategy with clear purpose, goals, risk framework and ethics approach.

Typically with right foundational governance and guardrails we can eliminate dependence nuisances.

CTO in Media3 years ago

When it comes to ensuring data security for rapidly expanding AI platforms like OpenAI's language models (LLMs) through API integration, organizations need to take proactive steps. Start by assessing the risks involved and identifying specific security concerns. Encryption is crucial to protect the data you exchange with OpenAI, along with using secure communication channels. Minimize data exposure and enforce strict access controls and authentication. Stay vigilant by monitoring for any suspicious activity and regularly updating your systems. Have a contingency plan in place to mitigate the impact of potential breaches. It's worth negotiating specific data security terms with OpenAI or exploring alternative providers or self-hosting options. Consulting legal and security experts will help you ensure compliance and meet your organization's unique requirements.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

Read More Comments

What's your experience with SAP ERP on Prem security testing? What kind of engagement did you choose for your SAP landscape—was it a deep-dive technical System Audit, a full-scope Red Team scenario, or something in between? What was the 'why' behind your decision, and what were your key takeaways?

Read More Comments

How is your company complying with CCPA's Do Not Sell My Personal Information requirement for your California users?

We configured our current consent manager to support Do Not Sell signals.19%

We built an internal tech solution to propagate Do Not Sell signals to relevant adtech platforms.43%

We use a different tool, in addition to our consent manager, to meet this requirement.16%

We are not doing anything, but know we need to find a solution.8%

We are not doing anything yet, and are purposely waiting until CPRA's Do Not Share requirement comes into effect in 2023.3%

We are not doing anything, and do not need to meet this requirement.10%

View Results

Blackhat EU is coming up -- are you going?

Yes51%

No42%

Undecided6%

View Results