The Hidden Crisis in Enterprise AI: When Chatbots Become Chatty

AI is revolutionizing how employees discover and use enterprise knowledge. Instead of wading through siloed data, AI copilots quickly surface the right information—boosting productivity [1].

But there’s a dark side to these copilots: data leaks. A recent survey shows 45% of organizations using AI chatbots have experienced leaks, and 80% cite security and privacy concerns as the biggest barrier to wider adoption [2].

_{What makes copilots leak?}

While most data sources provide strong identity and access management, AI re-indexes data in new formats which can create new issues and magnify existing ones. This happens for three key reasons:

1: Excessive Agency: Copilots operate over admin credentials which grants them powers to scrape data indiscriminately. Once these credentials are granted, enterprises have little control over what gets indexed and used for generating responses.

2: Removal of “practical obscurity”: Due to the sheer volume of enterprise data, permissions on the underlying documents are often improperly or excessively granted. Chatbots inherit these incorrect permissions and also make them easily exposable by pulling the information in their response.

3: Novel Threats: AI interactions are opaque and can leak data in unpredictable ways. Prompt injections and other security issues also allow adversaries to manipulate AI into leaking information [3].

Protecting sensitive information from accidental or intentional leakage through AI copilots is a significant challenge. With skyrocketing usage, enterprises cannot afford to wait for copilot makers to improve their security foundations and require external solutions.

_{Traditional security solutions do not work}

Historically, enterprises have existing data security tools like DLPs and DSPMs and there is a natural inclination to use them to secure information in copilots. However, this is a flawed approach.

Limitations of traditional solutions include,

Usage of hard-coded patterns like REGEX and keywords. These patterns are completely ineffective against AI which can leak information in many languages, encodings, and even over multiple prompts.

While incorrect permissions are a significant cause of data leaks, fixing them over millions of documents and users is impractical. Enterprise content and user-roles change frequently and maintaining right permissions quickly becomes a game of whack-a-mole.

Even with correct permissions, some information is too sensitive to use with AI (for example, HR records, M&A) [4]. For such cases, enterprises need the ability to define safe use policies and enforce them without making changes to the underlying data.

Fixing permissions as your only security control

Due to their inability to detect complex sensitive information and deal with ever-changing usage patterns, DLPs and DSPMs are ill-suited for the fast-evolving AI applications. As AI becomes the primary way in which enterprise knowledge is created and consumed, it is important to build AI-native security solutions.

_{A new path forward}

While AI has negatively affected data security, it also presents an opportunity to create innovative data security solutions by using models that can reason about data in the same ways as a human can.

Using these foundations, Realm Labs has developed a breakthrough AI Detection and Response solution that:

Protects sensitive information through contextual understanding of the whole text with very high accuracy, going beyond regex and keyword matches.
Detects and Responds in real time as opposed to offline solutions like DSPM which are often slow to respond to emerging threats.
Provides a single pane of glass to manage and govern all copilots in the enterprise reducing the admin workload.

For enterprises that wish to harness the powers of AI copilots while minimizing the risks, Realm’s AIDR is the ideal lightweight approach to achieve this balance. For more, reach out to hello@realmlabs.ai.