PERAI™ Technologies =

Privacy Enhancing Technologies + Responsible AI Technologies

Building Privacy Enhanced AI Systems that are privacy conscious, attack resistant, ethical, trustworthy and fair, enabling AI models to comply with global privacy and AI regulations.

Challenge: Privacy Regulations + Responsible AI Regulations emerging across the globe.

As per the EU’s AI Act, penalties for a non-compliant AI model deployed by a provider can range from €35 million or 7% of global turnover to €7.5 million or 1.5% of turnover. This was preceded by GDPR, which set the global standard for privacy regulations and spread like wildfire across the globe. It has a maximum penalty of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. Because data is the raw material for building AI systems, AI systems that are not compliant with privacy and AI regulations can attract a penalty of up to 11% (7% + 4%) of their global revenue in just one geography, the EU. We have not even spoken about penalties in the US, India, the Middle East, China, Australia and 120 other countries which already have, or are coming up with, similar privacy and AI regulations.

Privacy & AI Attacks: Siloed traditional approach to Privacy & AI compliance won’t work

There are different kinds of attacks possible at the data level beyond PII leaks, such as the singling out attack, linkage attack, inference attack, outlier attack, background knowledge attack, collective privacy attack and more. Failing to mitigate the above privacy risks results in successful execution of emerging AI model attacks like the direct attack, transfer attack, jailbreak attack and evasion attack, and information extraction attacks like the model stealing attack, attribute inference attack, membership inference attack, model inversion attack etc.

Just removing PII from the training data or implementing protection at the prompt level may give only partial results, like the story of the 6 blind men trying to define an elephant. Like an elephant, LLMs are already very complex and not explainable to start with. A siloed approach of limited privacy protection and disconnected, in-name-only model security significantly increases the risk of regulatory violations and of succumbing to model attacks.

If we don’t have a holistic approach to privacy-preserved model building, the resultant models may become non-compliant with privacy and AI regulations across the globe. Hence a multi-stage approach to privacy and responsible AI compliance is a foundational necessity.

PERAI Technologies = Privacy Enhancing Technologies + Responsible AI Technologies

To build a regulatory-compliant LLM, it’s critical that organizations focus on implementing PERAI Technologies across the LLMOps or MLOps pipeline, starting with Privacy Threat Modeling during data collection, Privacy Enhancing Technologies during data processing and Responsible AI based guardrails during inference and governance. This has to be an end-to-end integrated approach to privacy and responsible AI compliance. Let us first understand PETs, RAI and then PERAI.

What are Privacy Enhancing Technologies or PETs?

A set of foundational technologies that provide privacy protection with mathematical guarantees for various use cases of data sharing or processing. There are different kinds of Privacy Enhancing Technologies offering different kinds of protection, suitable for different kinds of use cases.

While complying with the data minimization requirements of privacy and AI regulations, an organization has to understand the primary privacy threat it wants to mitigate for each data processing requirement and accordingly use a suitable PET for data sharing.

Below are some of the Privacy Enhancing Technologies:

  1. Differential Privacy
  2. Statistical Anonymization (K-anonymity, t-closeness & LDP)
  3. Synthetic Data
  4. Pseudonymization
  5. Federated Learning
  6. Others – SMPC, ZKP, FHE


Global Regulations for PET + RAI:

Privacy Enhancing Technologies have been called out as one of the key enablers in AI regulations across the globe like:

  1. US – Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Sec 9 – Protecting Privacy)
  2. US – NIST AI RMF (Sec 3.6)
  3. India – MyGov – Responsible AI – Privacy Enhancing Strategies
  4. EU – AI Act (Article 10 – Clause 5A)
  5. Saudi Arabia – Ethical AI – Privacy Preservation

What are Responsible AI Requirements & Technologies:

Responsible AI has 7 key characteristics as per the NIST AI Risk Management Framework. They are:

Organizations have to incorporate the necessary technologies, safeguards and policies as part of their model building, deployment and inference practices to ensure the above-mentioned characteristics of their AI models.

What is the need for integrating Privacy Enhancing Technologies & Responsible AI into PERAI? How can PrivaSapien help?

PrivaSapien’s pioneering PERAI technology enables organizations to take an integrated approach to LLMOps. All the 7 characteristics required for building Responsible AI have to be integrated into the MLOps/LLMOps pipeline right from the data collection process. Below is the approach for building Responsible AI LLMOps, along with the corresponding mitigatory technologies:

1. Data Collection & DPIA

  • Requirements: Safe, Fair & Privacy Aware
  • Technologies: Privacy Threat Modeling, Bias Assessment, Augmented DPIA, Mitigatory Recommendation & Regulatory requirements
  • PrivaSapien’s PERAI Products: PrivacyX-ray (PTM), Prescriptron (Augmented DPIA)

2. Data Preparation & Feature Engineering:

  • Requirements: Privacy Preserving & Fair
  • Technologies: Privacy Enhancing Technologies
  • PrivaSapien’s PERAI Products: EventHorizon (Statistical Anonymization), DataTwin (Synthetic Data), Differential Insight (Differential Privacy), CryptoSphere (Cryptographic Pseudonymization)

3. Privacy Preserved Model Training & Verification

  • Requirements: Privacy Preserving, Accountable, Transparent & Valid
  • Technologies: Privacy Enhancing Technologies, DPIA, testing
  • PrivaSapien’s PERAI Products: Prescriptron (Augmented DPIA), EventHorizon (Statistical Anonymization), DataTwin (Synthetic Data), Differential Insight (Differential Privacy), CryptoSphere (Cryptographic Pseudonymization)

4. Model Deployment

  • Requirements: Secure, Transparent
  • Technologies: Adversarial Attack Detection & Mitigation
  • PrivaSapien’s PERAI Products: PrivaGPT – Model Security Module

5. Model Inference

  • Requirements: Safe, Accountable, Transparent
  • Technologies: Risk Detection, Risk Summarization, Synthetic Prompt Engineering, Risk based query control
  • PrivaSapien’s PERAI Products: PrivaGPT – User Safety Module

6. LLM Governance

  • Requirements: Fair, Accountable & Transparent
  • Technologies: Risk summarization, Human Feedback, AI Governance Reporting
  • PrivaSapien’s PERAI Products: PrivaGPT – LLM Governance

Conclusion:

Privacy Enhancing & Responsible AI (PERAI) Technologies are going to be a foundational and non-negotiable requirement for organizations in the Data & AI era. Without these technologies, storing, processing, sharing, model building and inferencing are going to be too risky from a compliance and customer protection perspective. PrivaSapien offers a pioneering PERAI platform which can be your partner in leading the Data & AI era.
