Baffle Unveils First and Only Solution for Data Security and Compliance with Generative AI

September 25, 2023

With Baffle Data Protection for AI, companies can protect their private data while accelerating GenAI projects

SANTA CLARA, Calif. — Sept 26, 2023 Baffle, Inc. today unveiled the first and only solution for securing private data for use in generative AI (GenAI) projects that integrates seamlessly with existing data pipelines. With Baffle Data Protection for AI, companies can accelerate GenAI projects knowing their regulated data is cryptographically secure and remain compliant, while minimizing risk and gaining the benefits of a breakthrough technology.

GenAI tools like ChatGPT are now available very easily via the web and can deliver new insights from public internet data, which has led to a surge in their adoption. Companies want to get competitive insights from their private data but are prevented from doing so given the risk of sharing that data with public LLMs. Consequently, they have barred employees from using public GenAI services out of security concerns. Fortunately, there are private GenAI services available, specifically retrieval-augmented generation (RAG) implementations, that allow embeddings to be computed locally on a subset of data. But, even with RAG, data privacy and security implications, especially compliance regulations, have not been fully considered, and these factors can cause GenAI projects to stall. While the C-suite and investors push for AI adoption, security and compliance teams are forced to make difficult choices that could put the company at risk of financial or reputational loss. Baffle Data Protection for AI empowers companies to easily secure sensitive data for use in GenAI projects against those risks.

“ChatGPT has been a corporate disruptor, forcing companies to either develop or accelerate their plans for leveraging GenAI in their organizations,” said Ameesh Divatia, founder and CEO, Baffle. “But data security and compliance concerns have been stifling innovation — until now. Baffle Data Protection for AI makes it easy to protect sensitive corporate data while using that data with private GenAI services so companies can meet their GenAI timelines safely and securely.”

With Baffle Data Protection for AI, sensitive data is encrypted with the advanced encryption standard (AES) algorithm as it is ingested into the data pipeline. When this data is used in a private GenAI service, sensitive data values are anonymized, so cleartext data leakage cannot occur even with prompt engineering or adversarial prompting.

And because sensitive data remains encrypted no matter where the data may be moved or transferred in the GenAI pipeline, unauthorized users cannot see private data in cleartext, and companies are able to meet specific compliance requirements, such as GDPR’s right to be forgotten, by simply shredding the associated encryption key.

Also, Baffle Data Protection for AI prevents private data from being exposed in a public GenAI service, as the PII data is anonymized. This technical solution is an additional safeguard that complements processes and policies that forbid the use of private data (either intentionally or unintentionally) with a public GenAI service. Unlike other options such as access controls and DLP, Baffle’s no-code, data-centric approach protects data as soon as it is created and then keeps it protected throughout the GenAI prompt and response process.

To learn more about Baffle Data Protection for AI, read the company blog or visit the website.

About Baffle

Baffle is the easiest way to protect sensitive data. We are the only security platform that cryptographically protects the data itself as it’s created, used, and shared across cloud-native data stores that feed analytics, applications and AI. Baffle’s no code solution masks, tokenizes, and encrypts data with no application changes or impact to the user experience. With Baffle, enterprises easily meet compliance controls and security mandates, and reduce the effort and cost of protecting sensitive information to eliminate the impact of data breaches. Investors include Celesta Venture Capital, National Grid Partners, Lytical Ventures, Nepenthe Capital, True Ventures, Greenspring Associates, Clearvision Ventures, Engineering Capital, Triphammer Venture, ServiceNow Ventures [NYSE: NOW], Thomvest Ventures, and Industry Ventures.

Follow Baffle on Twitter and LinkedIn.


Jennifer Tanner
Look Left Marketing
[email protected]