Samsonite (China) CIO Li Desheng: How can enterprises respond to the challenges of AI in data privacy?


Recently, the news that OpenAI CEO Sam Altman returned to the board of directors has dominated technology news headlines, marking a milestone in the field of artificial intelligence. Sam Altman was also elected as TIME's Best CEO of 2023. In 2023, we witnessed a huge leap in AI technology, especially in the development of large language models. ChatGPT 4.0 and domestic large language models continue to drive technological change in all walks of life as their capabilities develop.


Progress in multimodal models has been particularly notable in the news in recent days. Google's Gemini model has demonstrated great progress in its ability to simultaneously understand and generate multiple kinds of content such as images, text, and videos, while Baidu Wenxinyiyan, iFlytek Spark, and Alibaba Tongyi Qianwen have made remarkable achievements in localized applications, further broadening the application scope of AI technology.

At the application level, AIGC technology has become the new favorite of content marketing. Enterprises are using these advanced tools to generate creative marketing content. Text-to-image tools such as Midjourney and Stable Diffusion allow content creators to easily transform text into beautiful images based on prompt words. These advances in AIGC technology are constantly changing the way businesses operate. The recent performance of Pika in the field of AI-generated video has attracted widespread attention and has opened the door to generating creative videos from text in the future.


These advances show that AI is no longer a technology that only exists in laboratories or only serves ToB customers, but has penetrated into every aspect of our lives and work. From enterprises to individuals, from writing poetry and painting to generating short videos, the application of artificial intelligence is affecting our work and lifestyle in various forms. As large model technology continues to mature and multi-modal applications continue to expand, we are standing on the threshold of a new technological revolution, and AI continues to expand the scope of human cognition. On the cutting-edge topic of enterprise information transformation, CIOs have begun to discuss the following topics in various groups: Can we integrate ChatGPT into office tools such as Feishu, DingTalk, and Enterprise WeChat? Can intelligent customer service robots be integrated into this advanced language model? Can CRM (Customer Relationship Management) and CDP (Customer Data Platform) systems be combined with ChatGPT to enhance data processing and customer service? Can these integrations be extended to human resources systems to assist with recruiting, employee training, and other HR-related tasks?

With opportunities come challenges. Businesses and individuals alike need to carefully consider how to ensure data security, privacy protection and compliance while pursuing innovation.


Challenges of AI in data security and privacy protection in enterprise systems

At the heart of these issues is the desire of enterprises to improve creativity and efficiency through AI, but at the same time, the integration of this technology carries potential information security, data leakage and legal risks.

1. Data leakage risk:

For example, when employees interact with ChatGPT and domestic large language models through corporate WeChat, users may be asked to provide sensitive data. If an employee accidentally provides sensitive company information, such as financial data, sales data, customer information, or internal confidential documents during interactions with ChatGPT, this information may be stored on ChatGPT's servers, resulting in the risk of data leakage.

2. Compliance risks:

China’s Cybersecurity Law and the soon-to-be-implemented Personal Information Protection Law (PIPL) have strict regulations on the collection and processing of personal data. Therefore, any business operating within China must ensure compliance with these laws when using ChatGPT or domestic large language models. Accessing ChatGPT through corporate WeChat or applications such as DingTalk and Feishu may result in personal data being transferred to third-party servers outside regulatory requirements, which may violate data protection regulations.

3. Authentication and access control:

When accessing ChatGPT through enterprise WeChat or application integration such as DingTalk and Feishu, regular authentication and access control processes may be bypassed. This may allow unauthorized users to access sensitive data or functionality.

4. Lack of records and monitoring:

When interacting with ChatGPT through these applications, there may not be adequate logging and monitoring to track the sharing and access of information. This makes it difficult to audit and track potential data breaches.

5. Risks of intellectual property rights:

When employees discuss the company's innovative ideas or upcoming products during interactions with ChatGPT, this information may be recorded and analyzed by third parties, resulting in inadvertent disclosure of intellectual property.

6. Risks of data export:

Chinese law requires certain types of data to be stored locally, and cross-border transfers are subject to strict conditions. This means that transferring data to U.S. servers without obtaining appropriate approvals may violate Chinese laws.


Risks in actual cases:

Assume that an enterprise integrates ChatGPT into its CRM system, intending to analyze customer data through AI data mining and deep learning, and provide personalized marketing strategies and customer services. This integration may indeed result in significant efficiency improvements—increased customer satisfaction and reduced marketing costs. However, companies may not notice that sensitive customer data is uploaded to AI servers in the cloud without appropriate security measures, which not only violates data protection regulations but also puts customer information at risk of being accessed by unauthorized third parties.

Suppose a company integrates ChatGPT or a domestic large language model into the human resources system to automate resume screening and preliminary interviews. This automation may greatly reduce the burden on the HR department. But such systems can cause problems if they lack proper non-discriminatory design, as AI models unknowingly learn and apply biases from historical data, causing certain candidates to be incorrectly screened out based on factors such as gender and age. When making career recommendations, due to the uneven gender distribution in historical data, AI may recommend technical and managerial positions to men and logistics and clerical positions to women. If companies use such models to assist in the recruitment process, it may lead to gender bias and thus violate equal employment laws and principles.

When the model is used in intelligent customer service robots, it may generate inferences about the user's socioeconomic background based on the user's name, consumption level, or other labels, and inadvertently provide differentiated services, which may lead to unfair treatment of specific user groups, especially when domestic CRM systems generate dozens or even hundreds of labels for customers.

Is private deployment possible?

The healthcare industry, financial services industry, government and public sectors, and research and development departments often need to handle large amounts of sensitive personal information or research data, and they are unwilling to provide these sensitive or high-value data to large public models. For them, large models need to be privately deployed to ensure data privacy and security. However, this approach also has shortcomings. High costs, maintenance complexity, the need for specialized technical staff and scalability are all issues that small and medium-sized businesses need to consider.

Strike a balance between efficiency and data privacy:

The author believes that when integrating artificial intelligence services such as ChatGPT into a company's internal application system, the following measures can be taken to ensure data privacy while improving internal efficiency:


1. Set up API gateway and data filtering layer:

Create an API gateway as an intermediary between the internal application system and the AI large language model. In this gateway, a data filtering function is implemented to ensure that any information passed to the AI large language model does not contain sensitive data. Personal information can be hidden through desensitization or data masking techniques. For example, in an HR system that needs to automatically answer employees' questions about company policies through a large language model such as ChatGPT, the API gateway will remove or replace all personally identifiable information (PII), such as employee IDs and names, before sending the request.

2. Use a secure API calling protocol:

Use the HTTPS protocol to encrypt the data at the data transmission level to ensure the security of data during transmission when calling the API.

3. Restrict authorized access to data:

Ensure that only authorized users can access the API. I recommend doing this through API keys and access control lists (ACLs).

4. Strict authority management:

Set strict permissions for users who use the domestic large language model or ChatGPT API to ensure that they can only access and operate necessary data. The fewer people who have access to data that contains sensitive information, the better.

5. Audit log:

IT application systems must log all requests sent and responses received via APIs for tracking and auditing in the event of a data breach or other security incident.

6. Regular evaluation and monitoring:

Regularly evaluate the benefits of using domestic large language models and ChatGPT, and monitor data access patterns to identify and resolve potential privacy issues.

7. Use custom models:

Large enterprises or government agencies can consider locally deploying models such as the domestic iFlytek Spark model or open source models such as Llama, ChatGLM, Bloom, and Stable Diffusion, so that all data processing is performed within the company and does not have to be sent to external servers.

8. Choose suppliers with large model development capabilities

Currently, many suppliers of application systems such as CRM systems and customer service systems are developing vertical applications based on large models. For example, many companies in Europe and the United States use Salesforce to build corporate malls and CDP systems. Salesforce has built-in Einstein AI to improve data processing and marketing automation efficiency, and it also provides data desensitization processing for data provided to ChatGPT training. At present, many excellent vertical large models have made gratifying progress. Enterprises can give priority to suppliers with large language model development capabilities in order to expand the future use of AI in internal enterprise application systems.
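A sketch of how measures 1, 3 and 5 above fit together in one gateway function (PII masking, API key plus ACL check, audit log), added here as an example and not code from the author. The key names, ACL entries, the `E` plus six digits employee-ID format, the name list and the `send_to_llm` callback are all assumptions.

```python
import json
import re

# Constructed sample configuration: keys, callers and purposes are placeholders.
API_KEYS = {"key-hr-bot": "hr-policy-bot", "key-crm": "crm-analytics"}
ACL = {"hr-policy-bot": {"policy_qa"}, "crm-analytics": {"segment_summary"}}
EMPLOYEE_NAMES = ["Zhang Wei", "Li Na"]  # assumed to be loaded from the HR directory
PATTERNS = [
    ("EMP_ID", re.compile(r"\bE\d{6}\b")),          # assumed internal ID format
    ("PHONE", re.compile(r"\b1[3-9]\d{9}\b")),      # mainland mobile number
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
]
AUDIT_LOG = []  # stands in for an append-only log store

def mask(text):
    """Replace PII with typed placeholders; return masked text and hit counts."""
    counts = {}
    for label, rx in PATTERNS:
        text, n = rx.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    for name in EMPLOYEE_NAMES:
        text, n = re.subn(re.escape(name), "[NAME]", text, flags=re.IGNORECASE)
        if n:
            counts["NAME"] = counts.get("NAME", 0) + n
    return text, counts

def audit(caller, purpose, decision, sent, response, counts):
    # Only the masked text is logged, so the log does not become a second PII store.
    AUDIT_LOG.append(json.dumps({
        "caller": caller, "purpose": purpose, "decision": decision,
        "sent": sent, "response": response, "masked": counts,
    }, sort_keys=True))

def gateway(api_key, purpose, prompt, send_to_llm):
    """Authorize the caller, mask the prompt, forward it, and log both directions."""
    caller = API_KEYS.get(api_key)
    if caller is None or purpose not in ACL.get(caller, set()):
        audit(caller or "unknown", purpose, "denied", None, None, {})
        raise PermissionError("caller is not authorized for this purpose")
    masked, counts = mask(prompt)
    response = send_to_llm(masked)  # the model only ever sees the masked text
    audit(caller, purpose, "forwarded", masked, response, counts)
    return response
```

Pattern-based masking is best effort: free-text PII that matches no pattern or directory entry still passes through, so the masked counts in the audit log are worth reviewing during the regular evaluation in measure 6.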


Provide security guidance for employees using public cloud large models

When employees use public cloud large models such as ChatGPT or domestic AI large language models, pay attention to the following points:

1. Set a complex password, such as a combination of letters, symbols and numbers, and change it regularly.

2. Set up MFA multi-factor authentication: Enable multi-factor authentication to add extra security.

3. Set up a company list of public cloud large models to prevent employees from using unsafe large language model platforms.

4. When using the public cloud large model, employees must be warned not to upload sensitive personal information and company sensitive information to the AI large model to ensure that confidential data and private information are not leaked.

5. Organize regular network security and privacy protection training within the company to improve the ability to identify security threats such as phishing and social engineering.

Conclusion

Through the above measures, companies can use domestic large models or ChatGPT to improve internal efficiency while ensuring data privacy. While using AI to improve work efficiency, ensure that you avoid violating relevant privacy regulations and company policies.

·About the author of this article:
Li Desheng (Andrew Li), CIO of Samsonite (China) Co., Ltd. Joined Samsonite (China) Co., Ltd. in 2005. He has more than 20 years of digital experience in the consumer goods industry and has rich experience in IT governance, IT strategy, and digital transformation.

Editor in charge: Yueman Xilou / Data Monkey


Origin blog.csdn.net/YMPzUELX3AIAp7Q/article/details/135007833