There’s no debating that ChatGPT’s availability has radically transformed the discussion about AI. It’s no longer a question of how many years but rather how many months and, in some cases, how many weeks before AI will be integral to everyday business operation. Thanks to a clearly defined National Strategy for Artificial Intelligence, it’s no surprise that public and private sector entities in the UAE have been quick to spot opportunities, with DEWA, for example, becoming the first utilities provider globally to enrich its services with the same technology of ChatGPT.
At the same time, organisations must be extremely careful with how they use or deploy innovations based on AI to avoid compromising security.
The security implications of AI/ML
ChatGPT generates responses based on the data it has been trained on, which could include sensitive or confidential information. Enterprises should have appropriate measures in place to protect the privacy and confidentiality of the data they are passing through the API.
The accuracy and reliability of ChatGPT’s responses may not be 100 per cent guaranteed, and they might be incorrect or biased due to the training data that were used. Organisations should carefully evaluate the accuracy and reliability of the responses before using them in any critical business processes.
Organisations may become dependent on ChatGPT’s reliability and availability, as issues with ChatGPT’s service could affect the enterprise’s ability to use the API. Furthermore, organisations should protect the API from misuse and abuse, as, if not secured, it can be used to launch attacks against the enterprise’s systems or to harvest sensitive data.
OpenAI’s security protections
If your organisation intends to use OpenAI’s game-changing chatbot, it pays to first start by familiarising yourself with the security protections that the company has set in place.
- Access control: OpenAI implements strict access controls to ensure that only authorised personnel have access to its backend systems and data.
- Encryption: All data transmitted between OpenAI’s systems and its customers is encrypted using industry-standard encryption protocols.
- Network security: OpenAI has implemented various network security measures, such as firewalls and intrusion detection and prevention systems, to protect its systems from external threats.
- Regular security assessments: OpenAI regularly conducts security assessments to identify and mitigate potential security risks.
- Data protection: OpenAI uses various measures, such as data masking and access controls, to protect the confidentiality, integrity, and availability of customer data.
- Incident response: OpenAI has a well-defined incident response process to quickly respond to any security incidents and minimise their impact.
- Compliance with industry standards: OpenAI follows industry-standard security best practices and complies with various regulations, such as HIPAA, to ensure the security and privacy of its customers’ data.
AI safety recommendations
There are several tools and recommendations to consider when it comes to safety using AI/ML solutions. OpenAI has a free-to-use Moderation API that can help reduce the frequency of unsafe content in completions. Alternatively, you may wish to develop a custom content filtration system tailored to specific use cases.
It is recommended “red-teaming” applications to ensure they are robust to adversarial input. Test products over a wide range of inputs and user behaviours, both a representative set and those reflective of someone trying to ‘break’ the application. Does it wander off topic? Can someone easily redirect the feature via prompt injections, e.g. “ignore the previous instructions and do this instead”?
Wherever possible, a human should review the outputs before they are used in practice, especially in high-stakes domains, and for code generation. Staff should be aware of the system’s limitations and have access to any information needed to verify the outputs. For example, if the application summarises notes, an employee should have easy access to the original notes to refer back.
“Prompt engineering” can help constrain the topic and tone of output text, reducing the chance of generating undesired content, even if a user tries to produce it. Providing additional context to the model (such as by giving a few high-quality examples of desired behaviour prior to the new input) can help steer model outputs in desired directions.
Users should be required to register and log-in to access services. Linking this service to an existing account, such as a Gmail, LinkedIn, or Facebook log-in, may help, though may not be appropriate for all use-cases. Requiring a credit card or ID card reduces risk further. Limiting the amount of text a user can input into the prompt helps avoid prompt injection. Limiting the number of output tokens helps reduce the chance of misuse. Narrowing the ranges of inputs or outputs, for example allowing user inputs through validated dropdown fields (e.g., a list of movies on Wikipedia) instead of open-ended text inputs, or returning outputs from a validated set of materials on the backend rather than attempting to answer the query from-scratch reduces the extent of misuse possible within an application.
Users should generally have an easily available method for reporting improper functionality or other concerns about application behaviour (listed email address, ticket submission method, etc.). This method should be monitored by a human and responded to as appropriate.
Keep an eye on DIY (do-it-yourself) AI
Finally, a trend being closely monitored at Delinea Labs is the advent of democratised AI. It’s already incredibly easy to replicate and re-train your privately owned Chat-GPT like model. For example, Stanford’s Alpaca is surprisingly good. The claim here is the training can be done in 5 hours on a single RTX 4090. Opting for a DIY base approach to your enterprise’s AI implementation can mitigate the risk of privacy, confidentiality, compliance, and third-party reliance but other concerns remain. Staying ahead of this trend and AI/ML security generally can help ensure organisations can safely leverage these new solutions safely and effectively.
Security First
As with traditional IT systems, the rollout of AI systems must be done in parallel with the implementation of the appropriate security countermeasures. Past experience has taught us that cybersecurity as an afterthought is a receipt for disaster. Proceeding with AI implementations at breakneck pace may be tempting, or even unavoidable, but organisations that pay due attention to security will be the ones that see long-term success in the AI revolution.
