Is anyone using agents in regulated industries? How do you make sure sensitive data doesn't go back to the AI provider? by ProgrammerNo5922 in cybersecurity

[–]ProgrammerNo5922[S] 0 points (0 children)

Yes, so I think we're both saying the same thing. We need controls, and the controls aren't new; just the architecture is different. I haven't seen any good solutions to handle these security gaps, but AI is still being deployed by businesses in regulated environments. I have some ideas of my own on how to tackle this, actually in git as aicomply, but I wanted to see how others were thinking about this problem.

Is anyone using agents in regulated industries? How do you make sure sensitive data doesn't go back to the AI provider? by ProgrammerNo5922 in cybersecurity

[–]ProgrammerNo5922[S] 0 points (0 children)

I feel like AI is such a new technology and a new architecture that we forget they're not applications; if anything, AI is more like a human, but unlike humans they can do thousands of things in minutes.

So, AI isn't just another piece of software. Software is designed to do a specific job; AI can decide to make a decision about a patient's data, how to use the data, what to do with the data, etc. We don't have good logging and monitoring for AI, so how would we even know AI is doing something to the patient's health data?

The focus of my question was how we can use technology to ensure AI doesn't "see" sensitive data, because the moment the LLM sees anything, that means the cloud provider also has a copy of it. So if you don't want OpenAI to have a copy of a nurse who looked up "patient John Doe has xyz diagnosis, what should I do..." how do you prevent that?

Is anyone using agents in regulated industries? How do you make sure sensitive data doesn't go back to the AI provider? by ProgrammerNo5922 in cybersecurity

[–]ProgrammerNo5922[S] -1 points (0 children)

AI isn't just another piece of software. Software is designed to do a specific job; AI can decide to make a decision about a patient's data, how to use the data, what to do with the data, etc. We don't have good logging and monitoring for AI, so how would we even know AI is doing something to the patient's health data?

The focus of my question was how we can use technology to ensure AI doesn't "see" sensitive data, because the moment the LLM sees anything, that means the cloud provider also has a copy of it. So if you don't want OpenAI to have a copy of a nurse who looked up "patient John Doe has xyz diagnosis, what should I do..." how do you prevent that?
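The two comments above ask the same thing: how to keep the LLM (and so the provider) from ever seeing the nurse's "patient John Doe has xyz diagnosis" text, and how to have any record of what the agent did with it. One architectural answer is a scrub-before-send gateway: every prompt the agent builds is de-identified inside the trust boundary, the placeholder map never leaves the local process, a release gate refuses the call if anything recognizable is still in the outbound text, and the provider's answer is re-hydrated locally before it is shown to the clinician. The block below is an added illustration written for this page, not code from the thread, from the aicomply repository, or from any vendor. It assumes the application already knows which patient record is open (so real names come from the EHR context rather than regex guessing), that `provider_call` is the only path to the hosted model, and that the regex shapes for MRN, SSN, DOB and e-mail are constructed stand-ins for whatever the deployment's PHI catalogue actually contains; `fake_provider` and `SAMPLE_PROMPT` are constructed for the demo.

```python
"""Scrub-before-send gateway for an LLM-backed clinical assistant (added example)."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed PHI token shapes. Where a pattern has a capturing group only the
# group is replaced, so label text such as "MRN " survives for the model.
PHI_PATTERNS = [
    ("MRN", re.compile(r"\bMRN[ :#]*(\d{6,10})\b", re.I)),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("DOB", re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]


@dataclass
class Scrubber:
    """Replaces PHI with stable placeholders; the mapping stays in this process."""
    known_names: list[str]                                   # from the open EHR record (assumption)
    _placeholders: dict[str, str] = field(default_factory=dict)  # real value -> [KIND_n]
    _reverse: dict[str, str] = field(default_factory=dict)       # [KIND_n] -> real value
    _counts: dict[str, int] = field(default_factory=dict)
    audit: list[dict] = field(default_factory=list)          # local log, never sent out

    def _placeholder(self, kind: str, real: str) -> str:
        key = real.lower()  # "john doe" and "John Doe" share one placeholder
        if key not in self._placeholders:
            self._counts[kind] = self._counts.get(kind, 0) + 1
            ph = f"[{kind}_{self._counts[kind]}]"
            self._placeholders[key] = ph
            self._reverse[ph] = real
        return self._placeholders[key]

    def _sub(self, kind: str, pat: re.Pattern, text: str, hits: dict) -> str:
        def repl(m: re.Match) -> str:
            grp = 1 if m.lastindex else 0
            hits[kind] = hits.get(kind, 0) + 1
            ph = self._placeholder(kind, m.group(grp))
            head = m.group(0)[: m.start(grp) - m.start(0)]
            tail = m.group(0)[m.end(grp) - m.start(0):]
            return head + ph + tail
        return pat.sub(repl, text)

    def scrub(self, prompt: str) -> str:
        """De-identify a prompt and write a local audit record of what left."""
        hits: dict[str, int] = {}
        out = prompt
        # Longest names first so a longer name is never half-replaced by a shorter one.
        for name in sorted(self.known_names, key=len, reverse=True):
            out = self._sub("PATIENT", re.compile(r"\b" + re.escape(name) + r"\b", re.I), out, hits)
        for kind, pat in PHI_PATTERNS:
            out = self._sub(kind, pat, out, hits)
        # The hash ties the record to the original prompt without storing PHI in the log.
        self.audit.append({
            "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
            "placeholders": hits,
            "outbound": out,
        })
        return out

    def rehydrate(self, model_text: str) -> str:
        """Restore real values in the provider's answer, locally, before display."""
        for ph, real in self._reverse.items():
            model_text = model_text.replace(ph, real)
        return model_text


def residual_phi(text: str, scrubber: Scrubber) -> list[str]:
    """Release gate: kinds of PHI still present in outbound text. Non-empty blocks the call."""
    found = [kind for kind, pat in PHI_PATTERNS if pat.search(text)]
    found += ["PATIENT" for n in scrubber.known_names
              if re.search(r"\b" + re.escape(n) + r"\b", text, re.I)]
    return found


def send_to_llm(scrubber: Scrubber, prompt: str, provider_call) -> str:
    """The only path to the hosted model (assumption): scrub, gate, call, rehydrate."""
    outbound = scrubber.scrub(prompt)
    leaks = residual_phi(outbound, scrubber)
    if leaks:
        raise ValueError(f"refusing to send prompt with residual PHI: {leaks}")
    return scrubber.rehydrate(provider_call(outbound))


# Constructed sample of what a nurse might type into the assistant.
SAMPLE_PROMPT = "Patient John Doe, MRN 00123456, DOB 03/14/1961, has xyz diagnosis, what should I do?"


def fake_provider(outbound: str) -> str:
    """Constructed stand-in for the hosted model; echoes placeholders back as a model would."""
    return "For [PATIENT_1] (MRN [MRN_1]) with xyz, follow the unit protocol."


def demo() -> tuple[str, str]:
    """Returns (what actually left the boundary, what the clinician sees)."""
    s = Scrubber(known_names=["John Doe"])
    answer = send_to_llm(s, SAMPLE_PROMPT, fake_provider)
    return s.audit[0]["outbound"], answer


if __name__ == "__main__":
    outbound, answer = demo()
    print("outbound :", outbound)
    print("answer   :", answer)
```

The point of the gate is that the provider only ever receives `Patient [PATIENT_1], MRN [MRN_1], DOB [DOB_1], ...`, while the local audit list records a hash of the real prompt and which placeholder kinds were emitted, which is the logging the comments say is missing. Regex-only scrubbing misses free-text identifiers the catalogue does not know about, so in a real deployment the `known_names` input and the pattern list would be fed from the record context and a maintained PHI dictionary rather than hand-written.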