Broader support for confidential AI use cases provides safeguards for machine learning and AI models to execute on encrypted data inside of trusted executions environments. Credit: Cryteria / Insspirito Opaque Systems has announced new features in its confidential computing platform to protect the confidentiality of organizational data during large language model (LLM) use. Through new privacy-preserving generative AI and zero-trust data clean rooms (DCRs) optimized for Microsoft Azure confidential computing, Opaque said it also now enables organizations to securely analyze their combined confidential data without sharing or revealing the underlying raw data. Meanwhile, broader support for confidential AI use cases provides safeguards for machine learning and AI models to use encrypted data inside of trusted executions environments (TEEs), preventing exposure to unauthorized parties, according to Opaque. LLM use can expose businesses to significant security, privacy risks The potential risks of sharing sensitive business information with generative AI algorithms are well-documented, as are vulnerabilities known to impact LLM applications. While some generative AI LLM models such as ChatGPT are trained on public data, the usefulness of LLMs can skyrocket if trained on an organization's confidential data without risk of exposure, according to Opaque. However, if an LLM provider has visibility into the queries set by their users, the possibility of access to very sensitive queries - like proprietary code - becomes a significant security and privacy issue as the possibility of hacking increases dramatically, Jay Harel, VP of product at Opaque Systems, tells CSO. Protecting the confidentiality of sensitive data like personally identifiable information (PII) or internal data, such as sales figures is critical for enabling the expanded use of LLMs in an enterprise setting, he adds. "Organizations want to fine-tune their models on company data, but in order to do so, they must either give the LLM provider access to their data or allow the provider to deploy the proprietary model within the customer organization," Harel says. "Additionally, when training AI models, the training data is retained regardless of how confidential or sensitive it is. If the host system's security is compromised, it may lead to the data leaking or landing in the wrong hands." Opaque platform leverages multiple layers of protection for sensitive data By running LLM models within Opaque's confidential computing platform, customers can ensure that their queries and data remain private and protected - never exposed to the model/service provider or used in unauthorized ways and only accessible to authorized parties, Opaque claimed. "The Opaque platform utilizes privacy-preserving technologies to secure LLMs, leveraging multiple layers of protection for sensitive data against potential cyber-attacks and data breaches through a powerful combination of secure hardware enclaves and cryptographic fortification," Harel says. For example, the solution allows generative AI models to run inference inside confidential virtual machines (CVMs), he adds. "This enables the creation of secure chatbots that allow organizations to meet regulatory compliance requirements." Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe