Security Management for Generative AI Features
When leveraging Pramana's Generative AI capabilities within SHIFT, there are several options available to ensure adherence to your data security policies. It is important to choose a model that works best for your organization by reviewing the options, and features, that require metadata and/or sample rows of data. Your organization can choose to utilize 3rd party models, such as OpenAI’s GPT4, or to leverage SHIFT’s hosted open source AI Models, such as Claude2 and Llama2, as well as new cutting-edge models, including Mistral.
-
Our top priority is to ensure your data stays in its source database or system, whether that is AWS, Snowflake, Databricks or Domo. SHIFT only uses entity values, such as company name or product name, to train our internal Large Language Models (LLMs).
-
You have the option to opt-in and enable features that leverage Generative AI, such as Text-to-SQL, Narrative Generation and Entity Classification from the application settings.
- Details regarding what data elements are sent to each available 3rd party model can be found in the application settings.
- If a 3rd party LLM does not align with your security policies, you can choose to leverage SHIFT's hosted LLM, which runs inside your own dedicated Kubernetes namespace, and does not require movement of any data or metadata.
Generative AI Features
Text-to-SQL
- By default, SHIFT only sends metadata, such as column names and data types, from database tables to the 3rd party LLMs. Optionally, you can choose to enable transmission of sample rows of data to improve the accuracy of the generated SQL.
- If leveraging SHIFT's internally hosted LLM, within your dedicated Kubernetes namespace, no data is transmitted to 3rd parties, providing the highest level of security. SHIFT’s locally hosted LLMs enable the power of Generative AI, while sidestepping the security pitfalls associated with data exposure, interception, or misuse
Narrative Generation
-
Narrative generation features require SHIFT to transmit metadata and results from natural language queries. When leveraging 3rd party models for generative AI capabilities, SHIFT must transmit the SQL results and metadata in order to generate human-readable sentences.
-
When leveraging 3rd party models’ generative AI capabilities, SHIFT has to transmit the data from the sql results and metadata to generate human readable sentences.
- If leveraging SHIFT's proprietary Natural Language Generation (NLG) models, no data is sent to 3rd parties. However, it should be noted that using 3rd party models for narrative generation can help with automation of those narratives, as well as provide an easier path to scaling content creation within SHIFT.
Entity Classification
- Entity Classification features require SHIFT to transmit metadata and sample rows of data in order to classify entities within the natural language question. As an example, for the question "What are total sales to Germany for electronics since 2010?", SHIFT would send random samples of data and ask the model to classify which entities from your data exist in the query. This enables higher accuracy levels when utilizing the text-to-SQL features of SHIFT.
- Optionally, you can generate your own entities (parameters) within SHIFT, and bypass sending data to 3rd party LLMs for entity classification.
Data Transmission and Encryption
- All requests to 3rd party LLMs are transmitted using encrypted channels, ensuring integrity and confidentiality for any data being transmitted. SHIFT is a guardian of your sensitive and/or proprietary data, and maintains the highest standards of privacy and security.
SHIFT Generative AI Models
- When leveraging Generative AI models within SHIFT, data stays inside SHIFT at all times. The data is never used for further training, and is discarded after results are displayed to the user. This offers the ultimate level of security for customers where even minimal data movement is restricted to companies such as OpenAI, AWS, etc.
How SHIFT stays ahead of AI security risks
At Pramana, we are committed to advancing our NLQ and NLG capabilities by offering an AI solution that resides entirely within the SHIFT ecosystem. Our in-house models aims to offer the same accuracy and feature sets as external models, such as GPT4, but with stronger security and data privacy.
By processing customer data locally, within the secure boundaries of the SHIFT platform, you will never need to transmit confidential or personally identifiable information (PII) data externally—reducing the risk of data breaches and unauthorized access.
Our commitment to hosting internal models underscores SHIFT’s dedication to providing innovative technology that prioritizes the safety and integrity of customer data. It is indicative of our ongoing efforts to empower businesses with AI-driven insights, all within a secure and trusted environment.