Partially Redacted: Data Privacy, Security & Compliance

In this episode we’re joined by Shubh Sinha, CEO and Co-founder of Integral, to discuss the protection and utilization of sensitive health data. Shubh shares insights from his varied career in sales, engineering, and product management, and dives into the challenges of maintaining privacy and security in healthcare. The conversation covers HIPAA regulations, the balance of securing data while keeping it accessible, and the role of generative AI in healthcare innovations. Tune in for a detailed look at how technology is shaping the future of patient treatment and data privacy.

In this episode, we dive into the world of MLOps, the engine behind secure and reliable AI/ML deployments. MLOps focuses on the lifecycle of machine learning models, ensuring they are developed and deployed efficiently and responsibly.
With the explosion of ML applications, the demand for specialized tools has skyrocketed, highlighting the need for improved observability, auditing, and reproducibility. This shift necessitates an evolution in ML toolchains to address gaps in security, governance, and reliability.
Jozu is a platform founded to tackle these very challenges by enhancing the collaboration between AI/ML and application development teams. Jozu aims to provide a comprehensive suite of tools focusing on efficiency throughout the model development and deployment process.
This conversation discusses the importance of MLOps, the limitations of current tools, and how Jozu is paving the way for the future of secure and reliable ML deployments.
Resources:
Jozu
KitOps
 

In this episode, we dive deep into the world of prompt injection attacks in Large Language Models (LLMs) with the Devansh, AI Solutions Lead at SVAM. We discuss the attacks, existing vulnerabilities, real-world examples, and the strategies attackers use. Our conversation sheds light on the thought process behind these attacks, their potential consequences, and methods to mitigate them.
Here's what we covered:
Understanding Prompt Injection Attacks: A primer on what these attacks are and why they pose a significant threat to the integrity of LLMs.
Vulnerability of LLMs: Insights into the inherent characteristics of LLMs that make them susceptible to prompt injection attacks.
Real-World Examples: Discussing actual cases of prompt injection attacks, including a notable incident involving DeepMind researchers and ChatGPT, highlighting the extraction of training data through a clever trick.
Attack Strategies: An exploration of common tactics used in prompt injection attacks, such as leaking system prompts, subverting the app's initial purpose, and leaking sensitive data.
Behind the Attacks: Delving into the minds of attackers, we discuss whether these attacks stem from a trial-and-error approach or a more systematic thought process, alongside the objectives driving these attacks.
Consequences of Successful Attacks: A discussion on the far-reaching implications of successful prompt injection attacks on the security and reliability of LLMs.
Aligned Models and Memorization: Clarification of what aligned models are, their purpose, why memorization in LLMs is measured, and its implications.
Challenges of Implementing Defense Mechanisms: A realistic look at the obstacles in fortifying LLMs against attacks without compromising their functionality or accessibility.
Security in Layers: Drawing parallels between traditional security measures in non-LLM applications and the potential for layered security in LLMs.
Advice for Developers: Practical tips for developers working on LLM-based applications to protect against prompt injection attacks.
Links:
Devansh on LinkedIn
AI Made Simple

In this episode, Joice John, Senior Product Manager at Skyflow, joins the show to discuss the complexities of managing privacy and security with unstructured data. Joice explains what unstructured data is and its distinction from structured data, and then dives into the technologies that tackle these challenges.
Joice discusses the unique privacy concerns and significant security risks unstructured data poses, highlighting why they're especially tough to mitigate. Sean and Joice also discuss the support modern data lakes offer for secure unstructured data management, alongside Skyflow’s solutions for overcoming analytics challenges and protecting sensitive customer information.

Daniel Wong, Head of Security and Compliance at Skyflow, is back for his third appearance. Daniel discusses his extensive career at the forefront of security engineering, having worked with industry behemoths like Oracle, Salesforce, and CrowdStrike.
He discusses the critical differences in security needs between large enterprises and smaller businesses, the evolution of security technologies, and the unique challenges of ensuring enterprise-grade compliance. Daniel shares his personal experiences and the innovative security features he helped pioneer, offering listeners an insider's view of what it takes to protect some of today's leading enterprises.
Links:
Common Data Security and Privacy Mistakes with Daniel Wong
Understanding SOC-2 Compliance and Achieving It with Skyflow's Daniel Wong

This episode dives into how we can keep our texts and calls safe from scammers. Sean Falconer chats with Dave Erickson, the co-founder of Phound, which is redefining the way people connect and communicate. Dave shares why texts can easily get targeted by scams, how fraudsters hide their identity, and the tricks they use to trick people.
Learn about the simple steps you can take to protect yourself from these scams. Dave also talks about how Phound is working to make our phone numbers safer by creating a self-managed contact card. Users of Phound only receive phone calls and SMS from approved contacts and they’re in control over how long someone can contact them.
If you're worried about phone scams or interested in how technology is fighting back, this episode and the work Phound is doing should help.
Links:
Phound

In this episode Rishi Bhargava, Co-founder of Descope, joins the show to delve into the intricacies of authentication and identity management. Rishi, with his extensive experience in security, spanning from McAfee to Palo Alto Networks and co-founding Demisto and Descope, shares his insights on the evolution of the security landscape and the persistent challenges surrounding password-based security.
Rishi elaborates on the longevity of passwords, their inherent security weaknesses, and the efforts to bolster their security, often at the expense of user convenience.
The conversation shifts to emerging alternatives like passkeys, magic links, social logins, and biometrics, exploring their mechanisms, privacy implications, and potential risks. Rishi explains the nuances of passkey technology, addressing concerns about device theft, and the transition to new devices.
Rishi articulates his vision for solving unaddressed challenges in authentication and identity management, differentiating Descope from other passwordless solutions. He outlines the integration process, common migration challenges, and the factors that drive companies to switch to third-party authentication providers.
Links:
Confidential Computing and Secure Enclaves with AWS's Arvind Raghu

In this episode Sean is joined by Pedram Naveed, Head of Data Engineering at Dagster Labs. They discuss the unique challenges and opportunities in the realm of data engineering, particularly the culture of learning and sharing within the field.
Pedram discusses the traditionally guarded nature of data engineering, contrasting it with the more open-source approach in software engineering. He highlights the potential downsides of this secrecy, such as the difficulty in learning best practices and innovating. The discussion also touches on the balance companies must strike between contributing to communal knowledge and protecting valuable data and intellectual property.
Pedram shares insights from his experiences at Dagster Labs, including the development of the Dagster Open Platform and its impact on fostering a culture of openness in data engineering. Additionally, they explore the future of collaboration in the field, considering emerging technologies and methodologies that could further encourage sharing and innovation over the next 5-10 years.
Links:
Dagster Open Platform
Pedram Navid

In this episode Zena Obebe, the founder of Hill Redaction Services, joins the show to discuss the critical role of document redaction in maintaining privacy and security. Zena, an expert in the field, discusses the increasing demand for document redaction across various industries, particularly in legal and medical sectors.Document redaction, the process of obscuring sensitive information in documents, is vital for compliance with privacy laws and protecting personal data.
Zena sheds light on the challenges organizations face in redacting documents, emphasizing the complexity and necessity of accurately obscuring information without compromising the integrity of the document. She highlights the evolution of technology in this domain, noting how advancements in AI and automation have enhanced the efficiency and accuracy of redaction processes.
Despite these technological strides, Zena cautions against over-reliance on automation, underscoring the importance of human oversight to mitigate risks. The conversation also covers best practices for effective redaction and the need for industry-specific awareness to meet legal and regulatory requirements.

In this episode, Sanjeev Sharma, Product Lead from Skyflow, joins the show to explore the complex landscape of payment data residency regulations in India, focusing on the Reserve Bank of India's (RBI) 2018 mandate for local data storage and its impact on digital payments. The discussion covers the regulatory roles of RBI and NPCI, the challenges international businesses face in adapting to these regulations, and the implications for consumer data protection and business continuity.
Sanjeev and Sean delve into the technical and operational hurdles companies encounter, such as interpreting intricate payment flows and modifying global IT systems for local compliance. The episode also highlights the influence of technological innovations on payment systems, like mobile penetration and UPI, and offers strategic advice for entrepreneurs navigating this regulatory environment.
The episode provides a comprehensive overview of the evolving digital payment sector in India, emphasizing the importance of regulatory compliance for fostering innovation and security.