Baffle, Inc. today unveiled the first and only solution for securing private data for use in generative AI projects that integrates seamlessly with existing data pipelines. With Baffle Data Protection for AI, companies can accelerate GenAI projects knowing their regulated data is cryptographically secure and remain compliant while minimizing risk and gaining the benefits of a breakthrough technology.
GenAI tools like ChatGPT are now available very easily via the web and can deliver new insights from public internet data, which has led to a surge in their adoption. Companies want to get competitive insights from their private data but are prevented from doing so given the risk of sharing that data with public LLMs. Consequently, they have barred employees from using public GenAI services out of security concerns.
Fortunately, there are private GenAI services available, specifically retrieval-augmented generation implementations, that allow embeddings to be computed locally on a subset of data. But, even with RAG, data privacy and security implications, especially compliance regulations, have not been fully considered, and these factors can cause GenAI projects to stall. While the C-suite and investors push for AI adoption, security and compliance teams are forced to make difficult choices that could put the company at risk of financial or reputational loss. Baffle Data Protection for AI empowers companies to easily secure sensitive data for use in GenAI projects against those risks.
“ChatGPT has been a corporate disruptor, forcing companies to either develop or accelerate their plans for leveraging GenAI in their organizations,” said Ameesh Divatia, founder and CEO, Baffle. “But data security and compliance concerns have been stifling innovation — until now. Baffle Data Protection for AI makes it easy to protect sensitive corporate data while using that data with private GenAI services so companies can meet their GenAI timelines safely and securely.”
With Baffle Data Protection for AI, sensitive data is encrypted with the advanced encryption standard (AES) algorithm as it is ingested into the data pipeline. When this data is used in a private GenAI service, sensitive data values are anonymized, so cleartext data leakage cannot occur even with prompt engineering or adversarial prompting.
And because sensitive data remains encrypted no matter where the data may be moved or transferred in the GenAI pipeline, unauthorized users cannot see private data in cleartext, and companies are able to meet specific compliance requirements, such as GDPR’s right to be forgotten, by simply shredding the associated encryption key.
Also, Baffle Data Protection for AI prevents private data from being exposed in a public GenAI service, as the PII data is anonymized. This technical solution is an additional safeguard that complements processes and policies that forbid the use of private data (either intentionally or unintentionally) with a public GenAI service. Unlike other options such as access controls and DLP, Baffle’s no-code, data-centric approach protects data as soon as it is created and then keeps it protected throughout the GenAI prompt and response process.