2 pointsby pradeep11773 hours ago2 comments
  • snailshare2 hours ago
    Our take has been that if you are working with one of these large companies, you cannot expect anything to be private. We've worked with a smaller more focused product where we were able to negotiate the necessary controls
    • pradeep11772 hours ago
      And what are those necessary controls?
      • snailsharean hour ago
        Either it needs to run on our hardware, or we need explicit contractual guardrails around use of the data for their purposes. Obviously anything you give Anthropic etc. is going into their training pipeline for instance, and they change their terms of use every week so it's impossible to work with as a small company with no leverage
  • toomuchtodo2 hours ago
    Sign an enterprise agreement that speaks to data retention and destruction requirements. Part of what you pay for is to shift the liability to the inference vendor.
    • pradeep11772 hours ago
      These data retention contracts are black boxes; you never know how your IP was leaked, and it could end up in the model's training data. It's like trusting META with your privacy settings.
      • toomuchtodo2 hours ago
        A contract satisfies our infosec program and cyber insurance requirements, confirmed by a corporate legal team. Our role is to manage enterprise risk and potential exposure within our risk appetite, not eliminate it.

        (already minimizing sensitive data storage and transit whenever possible, as an entity operating in a regulated industry)