AI Security, Intellectual Property (IP) & Privacy Gaps – What is confidential to AI?

31 Oct. 2024

AI Security and IP

Why AI doesn’t know what’s confidential — and how to protect your business from exposure

AI models are not inherently secure. They’re not aware of what’s private, regulated, or commercially sensitive. When you pass confidential information into ChatGPT or other large language models, they don’t have built-in filters to protect your IP, redact private user data, or comply with privacy frameworks like GDPR or HIPAA. That’s your job — and in regulated industries, failing to do so can trigger serious consequences.

Why This Is a Problem

LLMs don’t understand security boundaries. If you give them sensitive content — a legal contract, internal strategy doc, or a patient file — they’ll happily analyse, summarise, and even remix that data. Worse, if you don’t properly clean the inputs and outputs, the model can:

  • Leak confidential info in its responses
  • Include identifying data when responding to unrelated prompts
  • Misclassify, hallucinate, or suggest actions that violate compliance rules

Does OpenAI Train on Your Data?

By default, yes — inputs into ChatGPT may be used to improve the model. This includes prompts and content submitted through the public web interface (chat.openai.com). API usage is different: OpenAI states that API inputs are not used for training unless you explicitly enable it.

Still, if your data is proprietary or sensitive, it’s safest to:

  • Assume all external model use is untrusted
  • Treat prompts as if you’re publishing to the internet

Mitigation Strategies

1. Redact and Mask Data Before Sending to the Model

Remove or replace identifiable fields before sending prompts:

user_prompt = "Customer John Smith at ACME Corp requested refund."
# Swap the known identifiers for placeholder tokens before the prompt leaves your environment
safe_prompt = user_prompt.replace("John Smith", "[REDACTED_NAME]").replace("ACME Corp", "[REDACTED_ORG]")

Use token-based masking for more granular protection.

2. Hash Identifiable Fields (for reversible matching)

If you need to link back to original data later:

You can store this hash as a reference key — the model sees only anonymised input.
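The two steps above (token-based masking in strategy 1 and a hash reference key in strategy 2) fit naturally into one pre-processing function. The following is an added example, not AndMine's code: it detects structured identifiers (email, phone) with regular expressions, masks the record fields you already know (name, organisation), and derives each token from an HMAC of the original value so the same customer always maps to the same reference key. The secret pepper, the regex patterns, the CRM record and the sample prompt are all constructed for the demo; the token-to-original map is kept on your side and never sent to the model.

```python
"""Pseudonymise identifiers before a prompt leaves the organisation.

Added example (not AndMine's code). The pepper below is a constructed
demo value; in production load it from a secrets store.
"""
import hashlib
import hmac
import re

PEPPER = b"demo-pepper-not-for-production"  # constructed secret for the demo

# Regex detectors for structured PII. Phone runs before email so that no
# pattern is ever applied to a token that an earlier pass inserted.
PATTERNS = {
    "PHONE": re.compile(r"\+?\d[\d\s-]{7,}\d"),
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}

# Constructed sample: the CRM fields used to build the prompt, and the prompt itself.
KNOWN_FIELDS = {"NAME": "John Smith", "ORG": "ACME Corp"}
SAMPLE_PROMPT = (
    "Customer John Smith (john.smith@acme.example, +61 3 9123 4567) "
    "at ACME Corp requested a refund for order 48213."
)


def reference_key(value: str) -> str:
    """Keyed hash of an identifier. Stable, so it can be used for matching
    across prompts; not reversible without the locally held map."""
    return hmac.new(PEPPER, value.encode(), hashlib.sha256).hexdigest()[:12]


def mask_prompt(text: str, known_fields: dict[str, str]) -> tuple[str, dict[str, str]]:
    """Replace every identifier with a token such as [NAME_<reference_key>].

    Returns the masked text (safe to send) and a token -> original map
    that stays inside your environment for later re-identification."""
    vault: dict[str, str] = {}

    def replacer(kind: str):
        def _repl(match: re.Match) -> str:
            original = match.group(0)
            token = f"[{kind}_{reference_key(original)}]"
            vault[token] = original
            return token
        return _repl

    # Pass 1: pattern-detected identifiers.
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(replacer(kind), text)

    # Pass 2: fields you already know from the source record (no guessing needed).
    for kind, value in known_fields.items():
        if value in text:
            token = f"[{kind}_{reference_key(value)}]"
            vault[token] = value
            text = text.replace(value, token)

    return text, vault


def unmask_response(text: str, vault: dict[str, str]) -> str:
    """Re-insert the originals into the model's answer for the internal user."""
    for token, original in vault.items():
        text = text.replace(token, original)
    return text


if __name__ == "__main__":
    masked, vault = mask_prompt(SAMPLE_PROMPT, KNOWN_FIELDS)
    print("Sent to model :", masked)
    print("Reference keys:", list(vault))
    print("Round trip    :", unmask_response(masked, vault))
```

Because the reference key is an HMAC rather than a plain SHA-256, an outsider who sees the tokens cannot confirm a guessed name by hashing it themselves; the pepper, like the vault, must never be sent with the prompt.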

3. Use Internal LLMs or Isolated Environments

For highly sensitive work (IP, legal, R&D), consider:

  • Running LLMs in a private cloud or on-prem
  • Using open-source models like LLaMA or Mistral inside firewalled environments
  • Wrapping models with policy enforcement, logging, and audit tools

4. Filter and Post-Process AI Output

Even if input is safe, the model can still generate unsafe responses. Use regex filters, classification models, or human review to scrub outputs before they’re exposed to users.
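As an added example of the output side (not AndMine's code), the function below scrubs a model response before it reaches a user: structured PII is removed by regex (card numbers are only treated as cards when they pass a Luhn check, so order numbers are left alone), a constructed deny-list catches internal terms the model should never repeat, and every hit is recorded so the response can be routed to human review. The patterns, deny-list and sample response are all constructed for the demo.

```python
"""Post-process LLM output before it is shown to a user.

Added example (not AndMine's code). Patterns and deny-list are
constructed for the demo and would be tuned per deployment.
"""
import re
from dataclasses import dataclass, field

# Structured PII that should never appear in externally visible output.
OUTPUT_PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}

# Constructed deny-list: internal codenames / unreleased plans.
DENY_LIST = ("Project Falcon", "Q3 roadmap")

# Constructed sample response from a model.
SAMPLE_OUTPUT = (
    "Refund of $120 issued to card 4111 1111 1111 1111; confirmation sent to "
    "john.smith@acme.example. Order 48213 closed. This aligns with Project Falcon timelines."
)


@dataclass
class ScrubResult:
    text: str
    findings: list[str] = field(default_factory=list)

    @property
    def needs_review(self) -> bool:
        """Anything removed means a human should look before release."""
        return bool(self.findings)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scrub_output(text: str) -> ScrubResult:
    """Remove PII and internal terms from model output and log each removal."""
    findings: list[str] = []

    def replacer(kind: str):
        def _repl(match: re.Match) -> str:
            hit = match.group(0)
            if kind == "CARD" and not luhn_ok(re.sub(r"\D", "", hit)):
                return hit  # digit run that is not a card: leave it
            findings.append(f"{kind}:{hit}")
            return f"[{kind} REMOVED]"
        return _repl

    for kind, pattern in OUTPUT_PATTERNS.items():
        text = pattern.sub(replacer(kind), text)

    for term in DENY_LIST:
        text, n = re.subn(re.escape(term), "[INTERNAL REMOVED]", text, flags=re.IGNORECASE)
        if n:
            findings.append(f"DENYLIST:{term}")

    return ScrubResult(text, findings)


if __name__ == "__main__":
    result = scrub_output(SAMPLE_OUTPUT)
    print(result.text)
    print("needs review:", result.needs_review, result.findings)
```

The findings list is what you would write to an audit log; the scrubbed text is what a user may see, and `needs_review` is the gate that decides whether they see it at all.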

When This Matters Most

  • Legal: Leaking case files or privileged communications
  • Healthcare: Exposing patient info, violating healthcare codes
  • Finance: Sharing transaction history, insider data
  • Tech: Revealing product roadmaps, code, or strategies

Final Thought

LLMs don’t protect your data — they process what you give them. That means security and privacy need to be enforced before and after the model, not just inside it. With smart redaction, structured pipelines, and enterprise-grade access control, AI becomes powerful and safe.

Need help deploying AI without risking your IP? AndMine can help you design secure, scalable AI systems that protect your data and reputation.

Posted by: Michael Simonetti, BSc BE MTE
