As AI continues to grow (as it will for many years to come), we are starting to understand some of the challenges it creates inside organisations, and we have already seen organisations get it wrong with data leakage.
ChatGPT is a free tool, released as a consumer product, that puts massive capabilities in the hands of any user. But what does this mean for the enterprise, the public sector or even small businesses who want to use Large Language Models to support them with their work and goals?
What you have to remember with current Large Language Models is that they use the data you feed them to learn and become smarter, to then give you a better output. If you had asked ChatGPT, BingChat or Google Bard a question 3 months ago and asked the same question today, you would get a far better answer today.
So does this mean that if I’m feeding these LLMs, I’m letting them learn about my data, which can then be seen by other users? The simple answer is YES!!
Here is a real-life example of Samsung having a data breach through ChatGPT:
Samsung:
“The company allowed engineers at its semiconductor arm to use the AI writer to help fix problems with their source code. But in doing so, the workers inputted confidential data, such as the source code itself for a new program, internal meeting notes data relating to their hardware.
The upshot is that in just under a month, there were three recorded incidences of employees leaking sensitive information via ChatGPT. Since ChatGPT retains user input data to further train itself, these trade secrets from Samsung are now effectively in the hands of OpenAI, the company behind the AI service.”
Source: https://www.techradar.com/news/samsung-workers-leaked-company-secrets-by-using-chatgpt
The Problem:
“We want to enable users to use LLMs to improve their productivity and work life, but we don’t want them to use consumer platforms that can store our data and make it available externally to users. Our data is our data and we do not want it stored outside of our network.”
The Answer:
BingChat Enterprise
We first need to understand what BingChat is to understand how the enterprise version works.
What is BingChat?
Microsoft have heavily invested in OpenAI, the Non-Profit that has created ChatGPT. Investing another $10b in 2023, Microsoft have been able to take the OpenAI technology and implement it in Azure for you to use in your own applications. At the same time, Microsoft have looked to implement it in their own products, such as Microsoft 365 CoPilot and Windows 11 CoPilot.
Microsoft also wanted their own branded LLM, which is called BingChat. It uses their own architecture, called Prometheus, which looks at the Bing Search Index and the language/text responses that OpenAI can provide to give a different response from competitors such as ChatGPT and Google Bard. One of the additional features that BingChat provides over its competition is the ability to reference its source data, so you can see what it has used from the Bing index, with results and links provided to you in its response.
To access BingChat, you would have to use your Microsoft account and log into bing.com. What is important here is that a Microsoft account is a personal account and not a Work/School account (as Microsoft call it). With a Work/School account, your login details are managed by your Microsoft 365 administrators, whereas your Microsoft account is completely owned by you. Another way I like to describe it is that you can use your Microsoft account to play Xbox but you can’t with a Work/School account 😉 🎮 consumer vs enterprise.
So, looking back at what I’ve said above, if Samsung had used BingChat, it would still have been a data breach, as the engineers would have been using a personal account and the data would have been saved within the Bing logs to help the Prometheus architecture grow.
Up steps Microsoft with Bing Chat Enterprise
At the Microsoft Inspire conference (one of Microsoft’s 3 large conferences each year), they announced BingChat Enterprise, further adding to their portfolio of AI features for the enterprise.
With BingChat Enterprise we will be able to use BingChat with our Work/School account. We can log in to a service that is managed by our organisation and start using the LLM that is provided in a secure manner.
Microsoft have stated that BingChat Enterprise has “Commercial Data Protection” meaning that if you feed it business data, it will not go into any LLM to learn from that data nor be part of the Bing Index. This is massive for bringing LLMs like BingChat into the enterprise as we now have a secure and safe place where data can be inputted knowing that Microsoft is a trusted partner and we know the data will not be used.
What about Microsoft 365 CoPilot and how is this different?
BingChat Enterprise just uses the Bing Index and the LLM to give you an output based on the conversation you are having. It will give you a response based on what the Bing Index can see. The Bing Index cannot see your Microsoft 365 data, meaning that if you ask BingChat Enterprise a question, it will not formulate a response based on your data. This is where Microsoft 365 CoPilot becomes the upgrade path from BingChat Enterprise: it lets you ask the LLM for a response based on the data you can see within your Microsoft 365 environment.