The Problem

Unfortunately, human error is the most common cause of data exposure when using LLMs. For example, an employee asks the LLM to find the error in a short piece of source code they are working on and includes that code in the prompt. In another case, a member of the Mergers and Acquisitions team submits a prompt that names a company targeted for a merger before the information has been made public. In each instance, no safeguards were in place to block the prompt from leaving the company's systems.

The Challenge

How could merely including that information in a prompt expose company data? The sensitive content (proprietary source code or confidential merger information) included in the prompt has been shared with an unauthorized third party and now resides on that entity's systems. The security of those systems is unknown, exposing the intellectual property to further risk of dissemination. The source code could become part of the dataset used to train or retrain subsequent iterations of the LLM. The merger information could likewise be absorbed into the LLM's knowledge base and become accessible to all users, putting the organization's competitive advantage at risk. Either scenario could lead to financial loss and diminished shareholder value.

The Solution

CalypsoAI Moderator provides data loss prevention (DLP) by scanning prompts for source code and standard private content, such as Social Security Numbers, as well as for user-established terms, such as employee numbers, and time-limited content, such as the name of a targeted company. The confidential and proprietary information is blocked before it leaves the organization, and the user is alerted that the prompt must be revised before it can be sent. All details of the interaction are recorded, providing full auditability and attribution.
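To make the idea concrete, here is a minimal sketch of the kind of prompt-level DLP gate described above. This is an illustration only, not CalypsoAI Moderator's actual implementation: the pattern choices, function names (`scan_prompt`, `ScanResult`), and the example blocked term "Acme Corp" are all assumptions made for this sketch.

```python
import re
from dataclasses import dataclass, field

# Illustrative patterns only. A real DLP engine would use far more robust
# detectors for private data and source code than these simple regexes.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")             # standard private content
CODE_RE = re.compile(r"\b(def |class |#include|import )")  # crude source-code signal

@dataclass
class ScanResult:
    blocked: bool                      # True means the prompt must not be sent
    reasons: list = field(default_factory=list)

def scan_prompt(prompt, blocked_terms=()):
    """Scan a prompt before it leaves the organization.

    blocked_terms holds user-established or time-limited terms, e.g. the
    name of a company targeted for a merger.
    """
    reasons = []
    if SSN_RE.search(prompt):
        reasons.append("possible Social Security Number")
    if CODE_RE.search(prompt):
        reasons.append("possible source code")
    for term in blocked_terms:
        if term.lower() in prompt.lower():
            reasons.append(f"blocked term: {term}")
    # In a full system, every result would also be logged with user
    # attribution to provide the audit trail described above.
    return ScanResult(blocked=bool(reasons), reasons=reasons)

result = scan_prompt("Please review: def merge(): ...",
                     blocked_terms=["Acme Corp"])
```

A blocked result would trigger an alert telling the user to revise the prompt, while the recorded reasons supply the audit detail.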