Earlier this summer, it made the news that some conversations with ChatGPT were indexable on Google, with tens of thousands of “private” chats suddenly available for the entire internet to see, potentially exposing enough personal data and conversational clues for users to work out who was behind the chat. These chatlogs, containing everything from ChatGPT-based therapy to a lawyer working out how to displace indigenous communities in the Amazon (yes, really), were ‘leaked’ when users had clicked a button to share the conversation, with some teeny tiny small print from OpenAI instructing them that it might result in them being found through search engines.
Despite OpenAI scrambling to get the conversations deindexed, the entire story opened eyes globally to potential privacy concerns, and raised awareness in businesses of the need for tighter controls over what kind of data is entered into LLMs such as ChatGPT.
How and why have we gotten to this point?
Although AI isn’t new, the rapid adoption of LLMs into everyday life has, for many, meant figuring it out as they go.
One minute, people were searching for answers the ‘old-fashioned’ way (Google, of course; although we say old fashioned with a hint of irony as we’re old enough to remember Encyclopedias and physical reference books!). The next minute, we were typing prompts into ChatGPT, trying to make sense of how this machine could finish our thoughts better than we could.
And it’s no surprise that the adoption was rapid; LLMs, in general, can be brilliant. Tools like ChatGPT can save time, help get ideas flowing, or give you a starting point when your brain has gone blank. Need to analyse data? Throw it a spreadsheet and ask an LLM to do it for you.
But here’s the catch: data on that spreadsheet, once it’s in the system, is locked in. If you haven’t told ChatGPT not to train other people’s conversations on your own, there’s every chance it’ll use that data to answer your competitor’s queries. If that data contains personal information, such as customer names, addresses or more, you’re potentially exposing your organisation to data leaks and privacy issues. Think about GDPR; have your users given their permission for you to upload their personal information into a third-party system in this way?
As tech consultants who deal with data security day in day out, we’re naturally having a lot of conversations about this. We’re speaking to more and more business who don’t understand quite how it all works, and need help creating their internal policies and processes to protect themselves. Many don’t know whether their data is safe within systems or exposed to their competitors, or how to tell the difference between a helpful response and a hallucination dressed up in overcomplicated language. For enterprise size organisations, policy is one thing, but in reality, ensuring data safety across complicated internal structures and multiple teams is a whole other ball game.
The good, the great… and the not-so-great
There’s no denying the usefulness of AI. But for AI to be helpful, it needs us to feed it information and feedback on the responses. And when we do that, we need to be careful. Because even though the tool feels like it’s “just for us,” we don’t always know where our information is going or how it might be used.
The point of this article isn’t to fearmonger; it’s not about shutting the laptop and running away from AI (tempting as that might be). It’s about finding a way to use these tools responsibly and understanding the basics of how they work and learning how to use them with intention.
For businesses, they need to consider whether they are training people to use LLM’s correctly, and the safeguarding they are putting in place to protect information. By offering clear guidance on what data can and can’t be shared and providing examples of how to safely use LLMs, they can give people the confidence to experiment, whilst keeping sensitive information protected.
Businesses should also consider whether an LLM is the right fit for their organisation, and if so, whether there are options which combine the brilliants of generative AI and conversational search, with better safeguarding and data privacy to reduce their risk of data and PII exposure, competitor training or reputational damage.
The shameless plug: one way of doing this is through Chatz, our proprietary AI chatbot which is trained on your very own data and firewalled within your own systems to protect from harm.
In conclusion…
The recent leaks might have shocked some into immediate action, but AI isn’t something we need to master overnight.
We can get better at using it intentionally, conversing in a way that feels thoughtful and informed. As we understand more about how these tools work, we can get the best out of them.
And from a business perspective, it’s about being realistic about the best ways to introduce this technology to employees in a way that’s both empowering but protecting the organisation from potential damage. It’s not an easy job, but we’re here to chat if you’re interested in learning more about it.
