Large Language Models (LLM) and other generative AI on sensitive data
Companies can have complete confidence that any high-value data (commercially sensitive data or personally identifiable information, PII) fed to generative AI models will not be viewed by any actor, and that it will not be leaked or exposed through the use of generative AI (e.g. used by OpenAI to train their model on a company's sensitive data). At the moment, AI inference and fine-tuning are possible using encloud; custom AI training will be available in the near future.
Other analytics, data transformation, and ML/AI on sensitive data
encloud is agnostic as to which operations are performed on the compute capability; at the moment, 95% of ML/AI operations are possible through encloud, and encloud aims to enable all ML/AI operations through the encloud platform.
Due to the closed-source and hosted implementation of ChatGPT/GPT-4, it would not be possible to implement an AI solution with ChatGPT/GPT-4. However, there is a multitude of highly performant open-source LLMs that could be integrated into encloud.
Since no party is able to view what the other party has submitted as inputs to the Trusted Execution Environment, this reduces the friction for enterprises to collaborate freely with their partners, supply chain and even their competitors. It also reduces the burden on legal frameworks to ensure data is handled and processed only as permitted and agreed by each party.
Being interoperable and able to leverage hardware (on-prem servers or external data centres) as well as the cloud means that anything built with encloud can be scaled quickly. Access to Trusted Execution Environments is not problematic; however, privacy-assured LLM training at scale requires next-generation GPUs, which are not yet readily available. The availability of these processors is increasing, and encloud can deploy these chips when available.
Trusted Execution Environments (TEEs) are a hardware solution for securing data and programs that run on a server, developed by the likes of Intel, AMD and NVIDIA. The key benefit of a TEE is that each party submitting inputs (e.g. data or AI models) into the TEE can be assured that no actor can view what is inside the TEE, not even someone who gains physical access to the hardware and has full admin rights. Another feature that raises security is the ability for data owners to verify, via a process called attestation, that the computation is in fact performed within a TEE and that the data is deployed and the computation performed as expected.
encloud uses best-in-class encryption to secure sensitive data at all times when it is not being used, preventing any party from viewing the data. Envelope encryption is used, meaning there are two tiers of encryption for enhanced security: first the data is encrypted, and then the data encryption key itself is encrypted. When data is being used, encloud ensures that any operations, such as queries to LLMs with sensitive data, are performed in a Trusted Execution Environment (TEE). Inside the TEE no party can view what is happening, so data can be safely decrypted and operations performed on it. Outputs from the TEE are also controlled to ensure no sensitive information is leaked.
Through encloud, any data operation must run inside a Trusted Execution Environment (TEE), and data outflow from the TEE is strictly controlled. This means LLM developers will not receive any data other than what the data owner permits.
Choice over where data and keys are stored and processed
encloud gives enterprises the choice of where they store their data and perform operations on it. This means enterprises can choose to use hardware they have on premises, a private or public cloud, or distributed hardware, all while having the confidence that the data will be secured.
Interoperability with existing hardware and cloud providers
encloud is designed to be interoperable with all the major cloud providers. encloud can also be implemented using distributed or decentralized hardware networks (e.g. Filecoin and IPFS), making encloud future-proof.
encloud is a software layer between the AI developers, the cloud or hardware providers and the enterprise. Through encloud, enterprises can maximize value and insights generated from their sensitive data while choosing the cloud service and AI provider that best suits their business objectives.
Data anonymization is an additional layer of safety that can be bolted on to encloud and there are many solutions available. Data anonymization will transform Personally Identifiable Information into data that is just commercially sensitive. It removes the compliance risk, but the data security risk is still present. Using encloud, enterprises can share and utilize LLMs with the confidence that both compliance risk and data security risk can be mitigated and regulatory requirements are met.
encloud uses envelope encryption to secure sensitive data 'in-transit' and 'at-rest'. The default encryption key is RSA 256, although other encryption key standards (like ChaCha) and methods are also available depending on enterprise needs. The data remains encrypted until the data owner deems it necessary to decrypt it, primarily when the data is 'in-use' in conjunction with analytics tools and AI (e.g. Large Language Models or LLMs).
With encloud, the data can only be 'in-use' and decrypted inside a Trusted Execution Environment (TEE), meaning that the data can only be decrypted in an environment where no party can view what is inside. Only the output of a particular operation, for example the results of an analysis or responses from a chatbot, is allowed out of the TEE. Even then, there are controls around what kinds of operations or outputs can leave the TEE.
RSA 256 is an industry standard for secure encryption and is widely adopted in industry (e.g. by WhatsApp). It enables other capabilities, like digital signatures through asymmetric encryption, for verification of the authenticity and integrity of the encrypted data.
Keys used for encryption are also encrypted, giving more confidence in the security of the encryption keys. It also reduces the network load by removing the need to transfer blocks of data over the network.
TEEs are highly complex and require significant expertise, even for cloud architects, to deploy correctly. encloud's Guardian capability enables 'One-Click' deployment of any operation on TEEs, simplifying deployment and reducing DevOps costs.
The quality of LLM outputs is heavily dependent on the quality of the data provided. This is done through embedding models (giving LLMs context in the subject matter) and fine-tuning (tailoring an LLM for a specific industry or knowledge vertical). encloud enables these operations to be done in a privacy-assured way and prevents data leakage.
Inference (extracting responses and insights)
Once an LLM is deemed ready for deployment, enterprises can push the LLM out as a service to be used by their organization, partners or customers with sensitive information. The encloud environment ensures that every party's data is protected.
Training (tailoring an LLM from the ground up)
Training LLMs requires specialized hardware: Graphics Processing Units developed by companies like NVIDIA. At the moment, there is a shortage of hardware that is appropriate for training LLMs in Trusted Execution Environments. However, the cloud and hardware industries are trending towards confidential computing, and the shortage is expected to be negated in the short to medium term.
Attestation is a way for data owners to ensure that the actions performed on sensitive data, and the hardware the actions are performed on, are consistent with expectations. The attestation process is used to grant permission to decrypt sensitive data and to run analytics or AI processes in the Trusted Execution Environment.
Training AI models is typically performed on GPUs. At the moment, encloud has access to CPU-based TEEs which are, in most cases, not appropriate for training generative AI. However, encloud aims to make GPU-based TEEs more available in the near future.
The CPU (Central Processing Unit) and GPU (Graphics Processing Unit) are two types of processors with different functions and architectures. The CPU is a general-purpose processor responsible for running operating systems and servers and for executing AI inference. It excels at handling sequential tasks and delivers high single-threaded performance. In contrast, the GPU is designed for highly parallel processes, such as updating the billions of weights in a neural network (the architecture on which LLMs are based). It specializes in rendering images, videos and animations, and it has hundreds or thousands of smaller cores that can work on multiple tasks simultaneously. GPUs are used in graphics-intensive applications, gaming, scientific research, machine learning and other computationally demanding workloads. CPUs have larger caches and access to main memory, while GPUs have dedicated memory optimized for high-speed parallel access.
Fundamentally, there is no difference between running LLM operations on-prem or in the cloud using encloud. Depending on an enterprise's needs, encloud can be customized for the platform of choice. This also means that AI capabilities developed in-house can be easily ported to a cloud service to deliver value externally and generate revenue.