Top Five Reasons Why ChatGPT is Not Ready for the Enterprise

(Cherdchai101/Shutterstock)

With all the excitement over ChatGPT, why have so many businesses, including Apple, Amazon, Verizon, JP Morgan Chase, Deutsche Bank, Northrup Grumman, Samsung, and Accenture banned its use? This reluctance is primarily due to concerns about deploying external Large Language Models (LLMs) like ChatGPT which could result in sensitive data being transported and stored outside of the enterprise’s secure environment.

Generative AI effectiveness in the enterprise hinges on the ability to successfully train a Large Language Model (LLM) on the company’s own data, encompassing everything from emails to financial statements. This specialized training ensures AI conversations are more accurate and relevant. However, the private nature of enterprise data and the need for strict adherence to data privacy, governance, and regulatory compliance poses significant challenges. Mismanagement can lead to costly consequences like data breaches and brand damage.

The top five reasons highlighting ChatGPT’s unpreparedness for enterprise use are:

1. Accuracy: To achieve accurate results, it’s crucial to fine-tune AI models with business-specific data. However, OpenAI does not currently provide a way to directly train ChatGPT with such data. Users must develop their own prompt-completion pairs and train them against an isolated GPT-3.5 model which is neither shared with other customers nor used for training other models. Fine-tuning data must be properly classified, prepared, labeled, and potentially de-identified if sensitive, all before ingestion. Data uploaded for fine-tuning is retained by OpenAI indefinitely until the customer deletes the files.
   

   (Ebru-Omer/Shutterstock)

2. Transparency: The field of artificial intelligence has typically upheld a high standard of openness for learning and improvement. Yet, with the release of GPT-4, OpenAI has chosen to make its source code proprietary and withhold technical details from peer review. This lack of transparency hinders researchers and data scientists from verifying and validating results, posing a challenge for enterprises requiring full transparency and open-source access for thorough evaluation.
3. Consumer Data Privacy: ChatGPT handles consumer data privacy through a Data Privacy Agreement (DPA) to address GDPR requests. However, the DPA does not fully cover the more complex data privacy requirements necessary for key industry regulations like PHI/HIPAA for healthcare, PCI/DSS for credit card processing, or SEC and FINRA for financial services. The exclusion of derived data from DPA protections, despite certain regulations like FINRA prohibiting certain forms of derived data processing, raises additional concerns.
4. Security: OpenAI and its cloud partners maintain high-security standards, but the proprietary nature of ChatGPT and its data usage raises concern over data leakage and exfiltration. Enterprise-grade security features such as fine-grained, role-based access control and proactive ‘rights management’ solutions are not provided. The lack of end-to-end encryption on the OpenAI platform means data and conversations might be accessible to OpenAI employees, and there are no data obfuscation solutions like data masking or sensitive data discovery tools to aid in data preparation.
   

   (jijomathaidesigners/Shutterstock)

5. Data Governance: Effective enterprise data management requires compliance with a wide range of industry and government regulations. Beyond Information Lifecycle Management (ILM) and SOC 2 compliance, enterprise data must adhere to standards like PHI/HIPAA, PCI-DSS, SEC, FINRA, FDA, and FISMA. The evolving landscape of AI-specific regulations, like the EU’s 2021 AI Act and the US’s AI Bill of Rights adds to the complexity.

In light of these challenges, businesses are deploying new infrastructure solutions to meet the data-driven needs of generative AI apps. To manage the risk of exposing enterprise data, stringent data protection measures must be taken to ensure that consumer data privacy and security objectives are met while harnessing the benefits of AI technology.

Companies across various industries might have to consider running their own private LLMs to meet regulatory compliance obligations. Cloud data management platforms that support machine learning and advanced data preparation to train models safely are becoming increasingly important. Tracking workflows, experimentations, deployments, and related artifacts in these platforms enables a centralized model registry for machine learning operations (MLOps) and offers the audit trails, reproducibility, and controls required for regulatory oversight.

AI data fabrics require a full stack of data engineering capability including end-to-end security, data privacy, real-time processing, data governance, metadata management, data preparation, and machine learning. Whether utilizing private LLMs or public models like ChatGPT, centralized MLOps ensures data engineers have control over the entire machine learning lifecycle.

While ChatGPT has made a significant impact, its successful integration in the enterprise depends on successful data governance and data engineering processes. As noted by a Deutsche Bank spokesperson, Sen Shanmugasivam, the bank, despite its ban, is actively exploring how to use generative AI tools in a “safe and compliant way.” Interest in generative AI and machine learning in the enterprise is soaring, but enterprise operations will need data governance standards and safeguards to assure a safe and secure future for enterprise AI.

About the author. John Ottman, with over 25 years in the industry, is the executive chairman of Solix Technologies and chairman and co-founder of Minds.com, an open-source social media leader. His career includes key roles at Oracle, IBM, and as president and CEO of Application Security, Inc., and president of Princeton Softech. Starting in sales at Wang Laboratories, Ottman later joined Oracle and then Corio,  contributing significantly to their growth, IPO, and IBM acquisition. He’s the author of “Save the Database, Save the World!” and holds a B.A. from Denison University.

Related Items:

Top 10 Challenges to GenAI Success

What’s Holding Up the ROI for GenAI?

Are We Underestimating GenAI’s Impact?