Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

All organizations are eager to harness the productivity gains of generative AI, starting with ChatGPT, despite the security threat of their confidential data being leaked into large language models (LLMs). CISOs tell VentureBeat they’re split on the issue, with AI governance becoming a hot topic in risk management discussions with boards of directors.

Alex Philips, CIO at National Oilwell Varco (NOV), told VentureBeat in an interview earlier this year that he’s taking an education-centric approach to keep his board of directors up to date on the latest advantages, risks and current state of gen AI technologies. Philips says having an ongoing educational process helps set expectations about what gen AI can and can’t do, and helps NOV put guardrails in place to avert confidential data leaks.

Several healthcare CISOs and CIOs are restricting ChatGPT access across all research and development, pricing and licensing business units. VentureBeat has learned that CISOs are divided on if and how they manage the security threat of confidential data finding its way into LLMs. Not having gen AI as a research tool is a competitive disadvantage healthcare providers are willing to go without as the risks to their intellectual property, pricing and licensing are too great.

Unlocking productivity while reducing risk

Event VB Transform 2023 On-Demand Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions. Register Now

The challenge is to keep confidential data secure while allowing employees to be more productive using gen AI and ChatGPT at the browser, app and API levels. Cloud data loss prevention (DLP) platform Nightfall AI today announced the first data security platform for gen AI that spans API browser and Software-as-a-Service (SaaS) application gen AI protection.

Designed to take on the productivity paradox CISOs and CIOs are facing when it comes to gen AI in their organizations, Nightfall AI’s platform is the first DLP platform that scales across the three top threat vectors CISOs need the most help securing when gen AI and ChatGPT are in use across their organizations. The goal is to enable organizations to securely use AI’s benefits while protecting sensitive data and reducing risk.



An example workflow of how Nightfall AI’s data security platform designed specifically for gen AI protects sensitive data from unauthorized disclosure into public-domain generative AI systems, reducing cybersecurity risks. Source: Nightfall.ai

The Nightfall for GenAI data security platform consists of three products that include:

Nightfall for ChatGPT. Nightfall AI’s browser-based solution provides real-time scanning and redaction of sensitive data entered by employees into chatbots before exposure. Providing a browser-based extension is one of the less obtrusive ways to protect data because it’s a technique that lends itself well to minimizing the impact on users’ experiences. Nightfall AI CEO Isaac Madan told VentureBeat that the experiences users have with Nightfall for ChatGPT formed the foundation of the product’s design goals.

Madan says the initial browsers supported include Apple Safari, Google Chrome and Microsoft Edge.

Eric Cohen, Vice President of Security at Genesys, considers Nightfall for ChatGPT a breakthrough in providing colleagues in Genesys with access to gen AI products while reducing the risk. Cohen told VentureBeat that the ideal is for Nightfall AI to take a collaborative approach to help users self-remediate data risks without requiring them to be generative AI experts.

Nightfall for LLMs: APIs are one of Nightfall AI’s core strengths, reflected in how they’ve taken on the challenge of enabling enterprises at scale to achieve productivity gains from gen AI. Nightfall for LLMs is a developer API that detects and redacts data developers’ input to train LLMs combined into a software development kit (SDK). Many industry leaders have already integrated these APIs into their workflows.

Cohen told VentureBeat that Nightfall AI’s API strategy provides the customizability and flexibility Genesys needs to scale gen AI protection across their organization and tech stacks. Nightfall AI also provides insights into redaction rates, adding greater insights and learning into how gen AI can be securely used for greater productivity, he said.

Nightfall for SaaS: Nightfall for SaaS provides data leak prevention directly within the workflows of popular SaaS applications, allowing companies to detect and redact sensitive data as third-party AI systems are processing it. This prevents sensitive information from being exposed in chatbot conversations, documents, cloud storage and other SaaS apps. Nightfall for SaaS has been implemented by MovableInk, Aaron’s and Klaviyo, who need to secure customer data within their SaaS ecosystems. By natively leveraging Nightfall’s DLP capabilities within these apps, these companies can leverage third-party AI while maintaining control and visibility into their sensitive data.

All of these products are available today to explore. Nightfall for ChatGPT is available on the Google Chrome store as part of a 14-day free trial Nightfall AI offers.

Securing the future of generative AI’s productivity gains

Cohen told VentureBeat that gen AI’s productivity is integral to enabling Genesys to continue excelling for their clients. “Generative AI offers significant productivity gains for organizations across teams … but until Nightfall AI, there was a lack of security products that allowed us to use these tools safely,” he said. Cohen found Nightfall AI while actively researching DLP solutions to solve a data privacy problem Genesys was facing. The customizability of Nightfall’s data rules presented an advantage over other options he had looked into.

CISOs tell VentureBeat they have three main concerns regarding adopting GenAI as a research and productivity platform. First, they’re concerned that employees will include sensitive data (such as software credentials or customer PII) in chatbot prompts. Second, they’re worried that employees might inadvertently expose confidential company data using SaaS apps such as Notion that use third-party AI sub-processors such as Anthropic. Lastly, their third concern revolves around engineers and data scientists using confidential data to build and train their LLMs. This last concern is underscored by a recent incident where users tricked ChatGPT into generating active API keys for Windows.

“GenAI has the potential to offer substantial productivity benefits for employers and employees, but the lack of a complete DLP solution is impeding the safe adoption of AI,” said Madan. “As a result, many organizations have either completely blocked these tools, or have resorted to using multiple security products as a patchwork solution to mitigate the risk.” This struggle ultimately drove the creation of Nightfall’s latest innovation: Nightfall for GenAI.

Frederic Kerrest, cofounder and executive vice chairman of Okta, commended Nightfall and compares its latest initiatives to Okta’s early days. “When using Nightfall, I have seen many similarities with our early vision at Okta, where we centralized user access and management security for all cloud apps. Nightfall is now doing the same for data security across generative AI and the cloud.”

Early adopters like Genesys highlight the benefits of Nightfall’s customizable data rules and remediation insights that help users self-correct. For CISOs, the platform provides the visibility and control needed to leverage AI while maintaining data security confidently. The availability of Nightfall’s gen AI-focused platform marks an important milestone in realizing AI’s potential.