AI Security, Intellectual Property (IP) & Privacy Gaps – What is confidential to AI?

31 Oct. 2024

AI Security and IP

Why AI doesn’t know what’s confidential — and how to protect your business from exposure

AI models are not inherently secure. They’re not aware of what’s private, regulated, or commercially sensitive. When you pass confidential information into ChatGPT or other large language models, they don’t have built-in filters to protect your IP, redact private user data, or comply with privacy frameworks like GDPR or HIPAA. That’s your job — and in regulated industries, failing to do so can trigger serious consequences.

Why This Is a Problem

LLMs don’t understand security boundaries. If you give them sensitive content — a legal contract, internal strategy doc, or a patient file — they’ll happily analyse, summarise, and even remix that data. Worse, if you don’t properly clean the inputs and outputs, the model can:

  • Leak confidential info in its responses
  • Include identifying data when responding to unrelated prompts
  • Misclassify, hallucinate, or suggest actions that violate compliance rules

Does OpenAI Train on Your Data?

By default, yes for the consumer product: conversations submitted through the public web interface (chat.openai.com) may be used to improve the model unless you turn that off in the account's data-control settings. The API is the other way round: OpenAI states that data sent through the API is not used for training unless you explicitly opt in. Note that "not used for training" is not the same as "not stored"; the provider still receives, processes and may retain the data under its own policy, so a training opt-out does not by itself make a prompt confidential.

Still, if your data is proprietary or sensitive, it’s safest to:

  • Assume all external model use is untrusted
  • Treat prompts as if you’re publishing to the internet

Mitigation Strategies

1. Redact and Mask Data Before Sending to the Model

Remove or replace identifiable fields before sending prompts:

user_prompt = "Customer John Smith at ACME Corp requested refund."
safe_prompt = user_prompt.replace("John Smith", "[REDACTED_NAME]").replace("ACME Corp", "[REDACTED_ORG]")

A hard-coded replace like this only works when you already know the exact values to strip. For real traffic, detect entities with patterns (emails, phone numbers, account IDs) or a named-entity recogniser, and use token-based masking for more granular protection: replace each entity with a stable placeholder token, keep the placeholder-to-value mapping on your side, and restore values in the model's output only where your policy allows.

2. Hash Identifiable Fields (to link back to the original record)

If you need to link the model's output back to the original record later, replace the identifier with a keyed hash (HMAC) and keep the hash-to-record mapping on your side.

You can store this hash as a reference key: the model sees only the pseudonymous token, and only you hold the mapping. Use a secret key rather than a plain SHA-256 of the value; names, email addresses and phone numbers have so little entropy that an unkeyed hash can be reversed simply by hashing candidate values and comparing.
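Steps 1 and 2 combined into one pipeline, as an added example that is not code from the original post: entities are detected in a single pass over the original text, each is replaced by a keyed-hash placeholder, the placeholder-to-value map stays on our side, and the model's answer is rehydrated only for the entity kinds a given reader may see. The sample ticket, the entity lists, the key and the fake_model stand-in are all constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import re

# Constructed sample ticket and a hypothetical pseudonymisation key; neither comes
# from the page. In production the key lives in a secret store, never in the prompt.
SAMPLE_TICKET = (
    "Customer John Smith (john.smith@example.com, +61 412 345 678) at ACME Corp "
    "requested a refund for order 10042."
)
PSEUDONYM_KEY = b"example-key-rotate-me"

# Entities you already know from the record behind the request (e.g. the CRM row),
# grouped by kind, plus regexes for identifier shapes a list cannot enumerate.
KNOWN_ENTITIES = {"NAME": ["John Smith"], "ORG": ["ACME Corp"]}
PATTERNS = {
    "EMAIL": r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+",
    "PHONE": r"\+?\d[\d\s-]{7,}\d",
}


def build_detector() -> re.Pattern:
    """One alternation with a named group per entity kind, so a single pass over the
    original text finds everything; tokens already inserted are never re-scanned."""
    groups = []
    for kind, values in KNOWN_ENTITIES.items():
        longest_first = sorted(values, key=len, reverse=True)
        alternatives = "|".join(re.escape(v) for v in longest_first)
        groups.append(f"(?P<{kind}>{alternatives})")
    for kind, pattern in PATTERNS.items():
        groups.append(f"(?P<{kind}>{pattern})")
    return re.compile("|".join(groups))


DETECTOR = build_detector()


def pseudonym(value: str, kind: str) -> str:
    """Stable keyed token for a value. HMAC, not a bare SHA-256: names and emails have
    so little entropy that an unkeyed hash is reversed by hashing guesses. Truncated to
    10 hex chars here for readability; store the full digest as the reference key."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"[{kind}_{digest[:10]}]"


def redact(text: str) -> tuple[str, dict[str, str]]:
    """Replace every detected entity with its pseudonym. Returns the model-safe text and
    the token -> original mapping, which stays on our side of the trust boundary."""
    mapping: dict[str, str] = {}

    def swap(match: re.Match) -> str:
        kind, value = match.lastgroup, match.group(0)
        token = pseudonym(value, kind)
        mapping[token] = value
        return token

    return DETECTOR.sub(swap, text), mapping


def rehydrate(model_output: str, mapping: dict[str, str], allowed: set[str]) -> str:
    """Restore originals in the model's answer only for entity kinds the consumer of the
    answer may see; everything else stays pseudonymous."""
    for token, value in mapping.items():
        kind = token[1:].split("_", 1)[0]
        if kind in allowed:
            model_output = model_output.replace(token, value)
    return model_output


def fake_model(prompt: str) -> str:
    """Stand-in for the LLM call; a real summariser would echo the tokens back too."""
    return "Summary: " + prompt


if __name__ == "__main__":
    safe, mapping = redact(SAMPLE_TICKET)
    print(safe)  # what leaves your network: tokens only
    answer = fake_model(safe)
    # A support agent may see who and which company, but not contact details.
    print(rehydrate(answer, mapping, allowed={"NAME", "ORG"}))
```

The detectors only catch what you enumerate: the order number 10042 passes through untouched because nothing declares it sensitive, so for free text you would add a named-entity recogniser as one more detector. Because the token for a value is deterministic under the key, the same customer gets the same token across prompts, which is what lets you join results back to the record; rotating the key deliberately breaks that linkage.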

3. Use Internal LLMs or Isolated Environments

For highly sensitive work (IP, legal, R&D), consider:

  • Running LLMs in a private cloud or on-prem
  • Using open-source models like LLaMA or Mistral inside firewalled environments
  • Wrapping models with policy enforcement, logging, and audit tools

4. Filter and Post-Process AI Output

Even if input is safe, the model can still generate unsafe responses. Use regex filters, classification models, or human review to scrub outputs before they’re exposed to users.
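An output gate of the kind this step describes, as an added example rather than the post's own code: regex detectors for email addresses and payment card numbers (validated with the Luhn checksum so that order or account numbers of similar length are not flagged), a check for our own unresolved redaction placeholders, and a decision on whether the answer is delivered, delivered scrubbed, or held for human review. The sample model output is constructed for this example.

```python
from __future__ import annotations

import re

# Constructed model output (not from the page): it leaks an email address, a card
# number and an unresolved placeholder, and also contains a harmless ticket number.
SAMPLE_OUTPUT = (
    "Refund approved for john.smith@example.com, returned to card 4111 1111 1111 1111. "
    "Ticket reference [REDACTED_ORG]-10042 will close in 3 days."
)

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# 13-19 digits with optional space/hyphen separators, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
# Our own placeholders, e.g. [REDACTED_NAME] from step 1 or a hashed form like
# [NAME_3fa9c1d2e0]; if one survives to the user, the pipeline failed to resolve it.
TOKEN_RE = re.compile(r"\[REDACTED_[A-Z]+\]|\[[A-Z]+_[0-9a-f]{6,}\]")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so 16-digit order or account numbers are not treated as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scrub_output(text: str) -> tuple[str, list[str]]:
    """Remove what must not reach the user; return the clean text plus audit findings
    that describe what was removed without repeating the raw values."""
    findings: list[str] = []

    def card_swap(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # long number but not a card: leave it alone
        findings.append(f"card ending {digits[-4:]}")
        return "[CARD_REMOVED]"

    def email_swap(m: re.Match) -> str:
        findings.append("email address")
        return "[EMAIL_REMOVED]"

    def token_swap(m: re.Match) -> str:
        findings.append(f"unresolved placeholder {m.group(0)}")
        return "[REDACTED]"

    text = CARD_RE.sub(card_swap, text)
    text = EMAIL_RE.sub(email_swap, text)
    text = TOKEN_RE.sub(token_swap, text)
    return text, findings


def gate(model_output: str) -> tuple[str, str]:
    """Decide what happens to a response: deliver as is, deliver scrubbed, or hold for
    human review. A card number or an unresolved placeholder means something upstream
    is broken, which a reviewer should see rather than have patched over silently."""
    clean, findings = scrub_output(model_output)
    if any(f.startswith(("card", "unresolved")) for f in findings):
        return "review", clean
    if findings:
        return "deliver_scrubbed", clean
    return "deliver", clean


if __name__ == "__main__":
    decision, clean = gate(SAMPLE_OUTPUT)
    print(decision)
    print(clean)
```

The findings list is what goes to your audit log; it names the kind of leak and, for cards, the last four digits, never the full value, so the log does not become a second copy of the data you just removed. Regex is the cheap first layer; a classifier or a human reviewer sits behind it for the cases a pattern cannot express.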

When This Matters Most

  • Legal: Leaking case files or privileged communications
  • Healthcare: Exposing patient info, violating healthcare codes
  • Finance: Sharing transaction history, insider data
  • Tech: Revealing product roadmaps, code, or strategies

Final Thought

LLMs don’t protect your data — they process what you give them. That means security and privacy need to be enforced before and after the model, not just inside it. With smart redaction, structured pipelines, and enterprise-grade access control, AI becomes powerful and safe.

Need help deploying AI without risking your IP? AndMine can help you design secure, scalable AI systems that protect your data and reputation.

Posted by: Michael Simonetti, BSc BE MTE
