Note – the topic complexity resulted in this article being longer and denser than typical. I tried to give users just starting with AI enough information without overload, while including links for more experienced users that want to dive deeper. If you find anything incomplete or inaccurate please add a note in the comments.
TL;DR
- Don’t paste secrets
- Use dummy data
- Use your AI to check account and update privacy settings
This is an article I thought about since I started using AI. As a drug developer, my responsibility is to increase and protect the company’s value. By a wide margin the largest value driver in most companies is its non-public information. We must always tread carefully when sensitive information is involved.
If you plan to use AI in your job (and I recommend that you do), you need to understand exactly what happens to the information you give your AI prior to using any sensitive information.
Before we jump into the details, a few ground rules to establish:
- This article is not legal advice. This is how I use AI and what I have learned about AI privacy as of the date this article is posted. AI is moving incredibly fast, so it’s possible that information has changed since posting. It is always your responsibility to do your own research and determine for yourself if and how you use any AI model.
- This article covers popular hosted generative AI services for personal use (e.g., Microsoft/Copilot, OpenAI/ChatGPT, etc.) that I will simply refer to as AI. I use Copilot the most so that will serve for my examples.
- I consider sensitive information anything that is non-public or confidential. Below are some examples of sensitive information. If you are not sure then assume it is sensitive and clarify before risking exposure:
  - Anything your company has done that is not patented, published or is covered under a Confidentiality / Non-Disclosure Agreement (CDA/NDA);
  - Patient personal identifying information;
  - Most company documents (contracts, SOPs, batch records, regulatory/clinical docs, etc.);
  - Any personal information (SSN, birth date, passwords, etc.).
OK, with that out of the way, let’s dive in. First, the good news:
- If you do not want Microsoft to use your information for training, you can opt out in Copilot’s Privacy settings. You’ll find step by step instructions here.
- Just note that opting out applies going forward (not anything already entered) and changes may take some time to propagate.
- I personally have not opted out. As you will see in this article, I do not share anything sensitive with AI so I am not concerned about it training on my information. But this is a personal decision for you to make.
- Assuming you have not activated any external connectors or agents, then all interactions between you and Copilot are encrypted within Microsoft’s infrastructure.
- I have not yet found an effective use for external connectors or agents but I expect rapid growth in the future. Just be aware if you do enable connectors or agents they will expand where your data can go. If you are interested in learning more here is a good place to start.
- Encryption is a huge area that could be its own article. I am not an encryption expert and apologize to the experts for my mangled explanation. I will limit this to saying that I think it’s relatively low risk to be compromised while sending info via Microsoft’s encryption. If you would like to dig deeper into Microsoft encryption, here is a good resource.
- AI is a dynamic tool: what you enter into the prompt window is being sent somewhere outside of your device (and company servers). Sort of like sending an email or instant message to AI. The physical programming of your AI is not on your local device, so your request has to be sent to an external provider server to be acted on, and the output is then sent back to your device for you to read.
- AI is fundamentally different from static content (e.g., a Word document) that is either stored locally on your device or in a contained cloud server that is not processed unless requested by you.
- However, if you use AI inside of static content (e.g., using Copilot inside the Word document) then information flow becomes dynamic and all the same AI rules apply.
- Dynamic information flow has special relevance for sensitive information because once it leaves your device/server it is now out of your control.
So far this all sounds OK: our information is being sent somewhere outside our company but it’s encrypted, so sort of like online banking – not something I want to do on public Wi-Fi but should be fine on a trusted internet source.
But, not so fast! Before getting too comfortable here is the more important and less good news:
- Any information sent to Copilot may be retained and stored as part of the interaction history (Microsoft’s default storage is 18 months). This means any information you enter into the prompt window may be stored on the Copilot servers and is discoverable after your AI exchange has concluded.
- There are ways to delete an AI exchange from Copilot’s history (see end of article) but deletion is not guaranteed. Traces of an exchange may remain after deletion and there is no assurance that every copy of that exchange is irreversibly removed from all backend systems. Translation: anything you enter into a prompt window may remain on AI servers after deletion and could be discoverable.
So, understanding the high value of our sensitive information, my conclusion is:
SBAI Tip#8: Never put sensitive information into an AI prompt window
This may seem like a deal breaker when using AI at work but there are plenty of strategies you can use to leverage AI at work to ensure your sensitive information is protected.
Here are some AI best practices:
First and foremost, you need to be clear on exactly what is your sensitive information. I handle lots of data that in aggregate is sensitive but the individual pieces provide limited insight without being able to view them as part of the collective data picture.
An example might be in-process test data. The entire data package in aggregate from the batch provides clear insights into the process (and is sensitive), but one test result from a single step in a multiple step process? Not sure how that could be meaningfully extrapolated by anyone that can’t see the full data set.
Ultimately this comes down to a judgement call. Just be crystal clear that whatever you put into the prompt window is now in the ether and beyond your ability to recall it. If you are not sure, my litmus test is to imagine sitting down with my boss’s boss and explaining why I sent the information in question to an unsecured location outside the company. If the thought of this conversation makes me uncomfortable then I will not send it to AI.
Second, you can still leverage AI’s data analysis by creating dummy data or documents that mimic the real, sensitive information. This is my go to strategy. Just create data points that simulate the trend, format, etc. of your true dataset. You can also summarize the information in vague terms or mask confidential details rather than using verbatim content.
Do not include anything that could be used for identity (e.g., drug/chemical name, mechanism of action, specific equipment, vendor names, etc.). Also, be careful when copy/pasting directly into the prompt window. It’s quite easy to unintentionally paste something you did not mean to copy. An effective way to protect against unintended copy/paste is our next tip:
SBAI Tip#9: If you are copying anything that contains sensitive information, first paste the copy into a standalone document using the “Text Only” paste option and carefully review it before transferring to the prompt window.
Your dummy data or document, once created, can now be freely shared with AI. I usually drag/drop the entire dummy data document into the prompt window, and engage in free exchange, change the inputs, etc. This can all be done without compromising your true dataset. Find more details on this method from my prior post on Excel troubleshooting.
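The pre-paste review in Tip #9 can be backed by a small script that scans the text sitting in your standalone document for the kinds of sensitive content listed in this article and masks what it finds. This is an added example, not part of the original article; the deny-list terms, the patterns and the sample text are constructed, and pattern matching only catches what you list, so it supplements the manual review rather than replacing it.

```python
import re

# Hypothetical deny-list: names that would identify your project (constructed).
DENY_TERMS = ["Examplinib", "Acme Bioreactors"]

# Patterns for the personal-information examples named in the article.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "DATE": re.compile(r"\b(?:\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "SECRET": re.compile(r"(?i)\b(?:password|passwd|api[_-]?key|token)\s*[:=]\s*\S+"),
}

# Constructed sample text, as it might sit in the scratch document.
SAMPLE = ("Batch 7 of Examplinib ran on 2024-03-15 at Acme Bioreactors. "
          "Contact j.doe@example.com, password: hunter2. "
          "Patient SSN 123-45-6789. Yield was 82%.")

def find_sensitive(text, deny_terms=DENY_TERMS):
    """Return non-overlapping (start, end, label) findings in text order."""
    hits = [(m.start(), m.end(), label)
            for label, rx in PATTERNS.items() for m in rx.finditer(text)]
    for term in deny_terms:
        rx = re.compile(re.escape(term), re.IGNORECASE)
        hits += [(m.start(), m.end(), "TERM") for m in rx.finditer(text)]
    hits.sort(key=lambda h: (h[0], h[0] - h[1]))  # earliest first, longest wins
    kept = []
    for hit in hits:
        if not kept or hit[0] >= kept[-1][1]:
            kept.append(hit)
    return kept

def mask(text, findings):
    """Replace each finding with a [LABEL] placeholder."""
    out, pos = [], 0
    for start, end, label in findings:
        out += [text[pos:start], f"[{label}]"]
        pos = end
    return "".join(out) + text[pos:]

def review(text, deny_terms=DENY_TERMS):
    """Return (ok_to_paste, masked_text, labels_found)."""
    findings = find_sensitive(text, deny_terms)
    return not findings, mask(text, findings), [f[2] for f in findings]

if __name__ == "__main__":
    ok, masked, labels = review(SAMPLE)
    print("OK to paste" if ok else f"Review first, found: {labels}")
    print(masked)
```

Run it locally on the scratch document, not inside an AI tool, and keep the deny-list itself out of any prompt.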
Third, the majority of information transacted in a typical day is not sensitive. Published articles and patents are public information and can be freely shared (AI is a great tool to digest, summarize and interrogate large documents). Anything in a press release, SEC document, presented at a conference, etc. is fair game. If the information is in the public domain it is no longer sensitive.
Finally, there are tools in Copilot to set up companywide monitoring and controls to flag or block prompts that may contain sensitive information – a topic beyond the scope of this article. If you want to learn more about Copilot company accounts and tenant-managed organizational controls this article is a good place to start.
Now, you may be thinking, “I don’t use Copilot so none of this pertains to me.” I hate to burst your bubble but most popular AIs have adopted similar privacy policies to Microsoft. There will always be differences between companies and models but information sent to a non-enterprise AI potentially being retained and discoverable after your AI exchange is pretty universal. Check your specific AI for more information.
Understanding your AI’s privacy is a cornerstone to using AI responsibly at work. And there are plenty of ways to leverage the power of AI without compromising your information. You just need to be aware of what you are prompting and take some extra precautions. Hopefully the above gives you a good starting point.
AI models change daily so I would love to hear if you have different information, recommendations or perspective – please share in the comments.
EXTRA CREDIT
If you want to go deep on AI privacy, change your privacy settings or have already sent something sensitive to AI, I thought it would be helpful to have a customized prompt available to plug directly into AI. Your AI is a good resource on itself, so use it to your advantage to get the most current insight.
Just copy and paste the italicized text below, exactly as is, into your prompt. This should work for any of the popular hosted generative AI services.
PROMPT:
You are an up-to-date security and privacy advisor (current to today). Produce a prioritized, actionable bullet list of activities an individual user can take to (1) protect sensitive information before and during interactions with public hosted proprietary generative AI services (for example consumer/web APIs and chatbots) and (2) delete or remediate sensitive information that was unintentionally sent to those services. Do NOT include organization- or enterprise-level actions.
For each bullet:
– Start with a concise action title in bold (one line).
– On the next line, provide a one-sentence rationale (why it matters).
– On the next line, give 1–2 practical steps the individual user can take right now to implement it (short, numbered or dashed sub-steps).
– If the action has immediate legal, patent, or regulatory implications (e.g., disclosure, export controls, HIPAA, trade secret risk), add a single short, italicized note line naming the implication.
– End each item with a one-line suggested personal evidence or artifact to keep (e.g., timestamped screenshot, copy of provider response, service usage log excerpt).
Limit the list to the top 20 highest-impact activities for individual users, ordered by priority for protecting personal data and intellectual property when using public hosted proprietary models. Use plain language, avoid vendor marketing, and explicitly tailor every item to public hosted proprietary models only (do not reference enterprise/contracted or self-hosted/open models). Where a step requires checking provider terms or requesting action from the provider, include an exact short checklist item the user can copy into a support request or email to the provider (one line).
Do not produce long essays; each item should be 3–5 short lines as specified. After the list, include a two-sentence summary of the single most important precaution for inventors using consumer AI chatbots and one two-sentence summary for individual users handling regulated or highly sensitive personal data. Format the output as plain text with clear bullets so it can be pasted into a personal security checklist or blog post.
Note – the above prompt was generated using Microsoft Copilot (Think Deeper model) but should be applicable to any popular generative AI model. If you are interested in my prompting to generate the above it was:
Please generate a bullet point list of activities that someone could undertake when interacting with AI to protect their sensitive information and delete any sensitive information that unintentionally gets sent to AI. Understanding that interfaces and models will change, provide the optimal prompt that someone can paste into their AI and have the AI generate the list in real time using the most up to date information. Limit this prompt to an individual user (not organization level) and to public hosted proprietary models (not enterprise or open models).
