In today’s digital landscape an immense volume of data can be found online, serving not only as a foundation for AI development but also for the parameterisation of basic data processing workflows. We frequently rely on third-party services, whether it’s Google, especially Android, Microsoft’s corporate solutions or other value-added cloud services. This has led to a dangerous underestimation of security, often dismissed with the notion “Our data is already out there anyway”. Let’s simplify this and delve into the matter of data and third-party services, excluding those explicitly stating in their terms that they process data directly, with most actions transferred to their platforms, making them the data and principles’ owners. Do you continually see #Deeply ads? It’s better to read the terms and conditions before full engagement.
They have our data…
Many corporate entities have transitioned from operating their own servers to utilising cloud services, confirming that our data is indeed in their possession. However, they are restricted from accessing the data’s content, limited only to its structure and metadata such as data type, size and usage frequency. Any exploitation of the data’s content would violate corporate rights and border on criminal activity.
They work with our data…
When we engage in content processing beyond cloud services, we legitimise the use of our data. This doesn’t immediately imply that our data will become publicly available online or that the platform will directly profit from it. However, our data could be used for AI training, with the outcomes potentially shared with others. This raises concerns, especially when it involves sharing our data handling schemas, verging on the transfer of proprietary knowledge to a third party.
They work with our understanding of data…
Realising the ease with which one can lose not just data but the know-how to work with it can be alarming. Consider the GPT platform for simplicity, and I ask readers to bear with my oversimplification. Those yet to embrace the GPT phenomenon are missing out on educational advancements and simplifications of daily tasks, yet nothing unattainable. Personally, I frequently consult GPT and local LLMs for various tasks, from regular expressions and article generation to mundane life hacks. These queries are based on a fundamental dataset used for AI training, primarily consisting of publicly accessible data, against which there’s little argument. AI works with its data, adjusting to user interactions, thereby increasing the relevance of its responses.
Then there’s working with corporate data, which I would never transfer to another platform, and client data, which is particularly sensitive and not openly discussed. GPT, for instance, offers certain features to reassure users and provide a sense of security, like options to prevent AI from utilising user data for its improvement, learning from conversation history, or even storing history. At first glance, this appears ‘safe’, but delving deeper into AI data processing always reveals vulnerabilities.
One such vulnerability is the principle of ‘they already have our data’, which inadvertently teaches AI to work with that data. Even if we prevent AI from incorporating our data into its corpus, the process of working with data still establishes a usage principle. Once a prompt is entered, it’s processed, and AI responds relevantly without needing our data’s content. The pattern of data interaction suffices. As we refine our responses, we provide the AI with Stimulus and Response, and their interrelation, thus exciting the AI’s corpus, independent of our interaction. In doing so we inadvertently educate a third-party platform, even without sharing our data’s content. We’ve handed over the key to interpreting this data and its typological metadata, and it’s only a matter of time before our unique know-how becomes common knowledge.
In conclusion, as we venture further into the digital age, the importance of robust cybersecurity measures cannot be overstated. Skrivanek’s commitment to data security, as highlighted by our ISO certification, serves as a beacon for companies navigating the complexities of data management and protection in the digital realm.
Josef Mareyi
