Unfortunately, human error is the most common cause of data exposure when using LLMs. For example, an employee pastes some experimental source code into an LLM prompt with a request to structure it more concisely. Even though doing so is strictly against company policy, there is no systematic safeguard in place to block the prompt from leaving the company system.

How could merely including that information in a prompt to an LLM expose company data? The company’s highly confidential intellectual property (IP) included in the prompt by the sender has been shared with an unauthorized third party and now resides on that entity’s system. The security of the third-party system is unknown, potentially exposing the information to additional risk of dissemination if that system is breached. The source code could also be included in the LLM’s knowledge base and, therefore, be accessible to all users, putting the organization’s competitive advantage at risk and potentially leading to financial loss and diminished shareholder value.

CalypsoAI Moderator’s data loss prevention (DLP) scanner screens for code and other intellectual property. Prompts containing such content are blocked before they can leave your organization’s system and the user is alerted that their prompt must be revised prior to being sent. All details of the interaction, including the prompt content, sender, LLM, and date and time, are recorded, providing full auditability and attribution. Beyond protecting your IP, CalypsoAI Moderator safeguards your organization’s operations by ensuring all LLM transaction data remains within the organization. CalypsoAI does not harvest telemetry or any other data about your organization’s LLM interactions.