Protecting Data in the Age of Generative AI: Nightfall AI Launches Innovative Security Platform

All organizations are eager to harness the productivity gains of generative AI, starting with ChatGPT, despite the security threat of having their confidential data leaked in large language models (LLMs). CISOs tell VentureBeat they are split on the issue, with AI governance becoming a hot topic in risk management discussions with boards.

Alex Philips, CIO at National Oilwell Varco (NOV), told VentureBeat in an interview earlier this year that he is taking an education-centric approach to keeping his board up to date with the latest benefits, risks and of the current state of gen AI technologies. Philips says having an ongoing educational process helps set expectations about what the AI ​​generation can and cannot do, and helps NOV put in place safeguards to prevent leaks of confidential data.

Several healthcare CISOs and CIOs restrict access to ChatGPT across all research and development, pricing, and licensing business units. VentureBeat has learned that CISOs are divided on whether and how they handle the security threat of confidential data ending up in LLMs. Not having gen AI as a research tool is a competitive disadvantage that healthcare providers are willing to do without because the risks to their intellectual property, pricing and licensing are too great.

Unleash productivity while reducing risk

The challenge is to secure confidential data while enabling employees to be more productive using gen AI and ChatGPT at the browser, application and API level. Data Loss Prevention (DLP) Cloud Platform Nightfall AI today announced the first data security platform for AI generation that covers API browser and application generation protection Software-as-a-Service (SaaS).

Designed to tackle the productivity paradox that CISOs and CIOs face when it comes to Generation AI in their organizations, Nightfall AI’s platform is the first DLP platform that adapts to three main threat vectors that CISOs most need to secure when Gen AI and ChatGPT are in use in their organizations. The goal is to enable organizations to safely use the benefits of AI while protecting sensitive data and reducing risk.

The Nightfall for GenAI Data Security Platform consists of three products which include:

Nightfall for ChatGPT. Nightfall AI’s browser-based solution provides real-time analysis and removal of sensitive data entered by employees into chatbots before exposure. Providing a browser-based extension is one of the least intrusive ways to protect data, as it’s a technique that lends itself well to minimizing the impact on user experiences. Nightfall AI CEO Isaac Madan told VentureBeat that user experiences with Nightfall for ChatGPT formed the basis of the product’s design goals.

Madan says initial supported browsers include Apple Safari, Google Chrome, and Microsoft Edge.

Eric Cohen, vice president of security at Genesys, considers Nightfall for ChatGPT a breakthrough in enabling Genesys colleagues to access gen AI products while reducing risk. Cohen told VentureBeat that the ideal is for Nightfall AI to take a collaborative approach to helping users remediate data risks on their own without requiring them to be generative AI experts.

Nightfall for LLMs: APIs are one of the core strengths of Nightfall AI, which is reflected in how they have risen to the challenge of enabling large-scale enterprises to realize productivity gains through generation AI. Nightfall for LLMs is a developer API that detects and removes data developer input to train combined LLMs in a software development kit (SDK). Many industry leaders have already integrated these APIs into their workflows.

Cohen told VentureBeat that Nightfall AI’s API strategy provides the customization and flexibility Genesys needs to scale gen AI protection across its organization and technology stacks. Nightfall AI also provides insights into redaction rates, adding further insights and learning how generation AI can be safely used for greater productivity, he said.

Nightfall for SaaS: Nightfall for SaaS delivers data loss prevention directly into popular SaaS application workflows, allowing enterprises to detect and remove sensitive data as third-party AI systems process it. This prevents the exposure of sensitive information in chatbot conversations, documents, cloud storage, and other SaaS applications. Nightfall for SaaS was implemented by MovableInk, Aaron’s, and Klaviyo, who need to secure customer data within their SaaS ecosystems. By leveraging Nightfall’s DLP capabilities natively within these applications, these businesses can leverage third-party AI while maintaining control and visibility of their sensitive data.

All of these products are available today to explore. Nightfall for ChatGPT is available on the Google Chrome store as part of a 14-day free trial offered by Nightfall AI.

Securing the future of generative AI productivity gains

Cohen told VentureBeat that gen AI productivity is key to enabling Genesys to continue to excel for its customers. “Generative AI offers significant productivity gains for organizations across teams…but until Nightfall AI, there was a lack of security products that allowed us to use these tools securely,” did he declare. Cohen found Nightfall AI while actively researching DLP solutions to solve a data privacy issue that Genesys was facing. Customizing Nightfall’s data rules had an advantage over the other options he had looked at.

CISOs tell VentureBeat that they have three main concerns about adopting GenAI as a research and productivity platform. First, they are concerned that employees may include sensitive data (such as software credentials or customer personal information) in chatbot prompts. Second, they are concerned that employees may inadvertently expose confidential company data using SaaS applications such as Notion that use third-party AI contractors such as Anthropic. Finally, their third concern relates to engineers and data scientists using confidential data to build and train their LLMs. This last concern is underscored by a recent incident where users tricked ChatGPT into generating active API keys for Windows.

“GenAI has the potential to deliver substantial productivity benefits to employers and employees, but the lack of a comprehensive DLP solution hampers the safe adoption of AI,” Madan said. “As a result, many organizations have either blocked these tools altogether or resorted to multiple security products as a patchwork solution to mitigate the risk.” This struggle ultimately led to the creation of Nightfall’s latest innovation: Nightfall for GenAI.

Frederic Kerrest, co-founder and executive vice president of Okta, praised Nightfall and compares its latest initiatives to Okta’s early days. “When using Nightfall, I have seen many similarities to our first vision at Okta, where we centralized user access and security management for all cloud applications. Nightfall is now doing the same for user security. generative AI and cloud data.

Early adopters like Genesys point to the benefits of Nightfall’s customizable data rules and remediation information that helps users self-correct. For CISOs, the platform provides the visibility and control needed to leverage AI while maintaining data security with confidence. The availability of Nightfall’s generation AI-driven platform marks a significant milestone in realizing the potential of AI.