Our Approach to A.I.: A Focus on Safety and Accuracy

Selene Kim
September 21, 2023


Initial Reactions to ChatGPT: Interest From Afar

Shortly after OpenAI released ChatGPT in November 2022, the SafeBase team received an email from one of our most prolific customers:

I’m sure that by now, the SafeBase team has had some fun exploring OpenAI and chatGPT... I was curious as to whether SafeBase was considering ways in which to responsibly incorporate this technology within its platform.

This was only the beginning of many inquiries to come. Our initial discussions with customers were characterized by both excitement and concern. They were excited that the technology could help improve productivity across the world of work, especially when it came to the dreaded security review process.

They were also concerned that (mis)use of the AI models could pose another cybersecurity risk. Bad actors could generate attacks with a few prompts. Employees may inadvertently leak sensitive data to AI models, as we saw at Samsung earlier this year.

Known and unknown risks abound. Many leaders in our industry opted to wait and see how the technology evolved before diving in with enthusiasm. SafeBase has not been an exception.

Embracing AI as an Opportunity for our Customers

Earlier this year, we noticed a shift in people’s thinking. Big tech companies like Google and Meta released their own versions of Large Language Models. At the RSA conference in April, where SafeBase was named one of top 10 finalists for the Innovation Sandbox Contest, HiddenLayer won the competition with its platform to monitor machine learning algorithms for adversarial ML attack techniques.

Technology providers inside and outside of the security space announced new features with a flavor of AI. Snyk doubled down on its use of AI to find vulnerabilities and verify code security. Brex launched a chat interface that provides insights on corporate spend and answers business questions in real time.

At the same time, AI providers such as OpenAI began providing more visibility into their security practices, further inspiring confidence in their offerings and fueling adoption. Many of our customers created new security controls on how (and how not) to use AI-powered tools at work and trained employees to leverage the technology securely.

Logan.GPT SafeBase Tweet - Safebase

In the product community, it became evident that AI was no longer considered a fad or a choice. The question isn’t if the world’s technology companies adopt AI, but when, and how.

Leveraging AI to Improve the Dreaded Security Review

At SafeBase, we pride ourselves on supporting trust-minded organizations in achieving their growth goals. The core premise of our product is to facilitate buyer security reviews quickly and effectively accelerating sales cycles and creating a delightful experience in the process. With AI, we see major opportunities to further streamline this process and make the journey more effective for all parties involved.

Building AI into our product is an exciting — and sensitive — undertaking. As we build our product roadmap, we will continue to apply the same philosophies to the inclusion of AI that we would any other element, asking ourselves a critical question: Is this the best solution that can solve our customers’ pain points in the most delightful, secure and efficient way?

Our aim is to use AI as a more optimal means to a desired end; using AI is not the goal. Problems need to be worth solving for, and AI is one of many ways to solve those problems. Automating a task poorly only means getting more problems faster.

How We’re Building our AI-Powered Solutions

Security is, and always has been, the most important consideration in how we build our product. At the same time, we also recognize that each organization has a unique risk appetite and standard for security. We have committed to the following guidelines when it comes to building AI into the SafeBase product:

Organizations will opt in to use the solution.

  • All organizations are opted out by default. For those that opt in, we will not let the LLM(s) of our choice use your data to train the general model.
  • We commit to providing our solution in the most flexible way and respect how you’d like to use the answers from AI.

We will not overpromise on accuracy. We don’t see AI as our “end-all-be-all” — at least not yet.

  • We are optimizing for leveraging the organization’s existing content over creating new responses.
  • AI has limitations, and it’ll take time to get close to 100% accuracy.
  • We start with leveraging the content from your past security questionnaire responses and Trust Center contents to minimize hallucination risks.
  • As the underlying technology evolves and we continue to train our model, we expect to improve the number of questions AI can answer with minimal manual involvement. In the meantime, we will provide you with an indication of confidence level to help you make your own call on how much human involvement is desired.

As always, success begins with a strong, comprehensive Trust Center.

  • One thing we know for sure about AI is “garbage in, garbage out”.
  • We are committed to leveraging your trust posture to answer questionnaires in the correct way. Your Trust Center will serve as not only a strong input for answering inbound security questionnaires, but also for continuing to eliminate the need for questionnaires altogether.

Beginning the AI Journey with Answering Questionnaires

To begin our journey with AI, we’ve begun to explore how AI can support customers in responding to unavoidable security questionnaires. With a SafeBase Trust Center, security and GRC teams can provide potential customers with all the information they need to make a confident buying decision. But we recognize that there are times when you have to — or want to — respond to a buyer’s security questionnaire as well.

Through discussions with our customers and market, we know there’s a right way to go about building a “security questionnaire automation” solution. Here are the three pillars that have our laser-focus as we work to bring these tools to life:

  1. Speed - Your team’s time is valuable. Most of the answers you need already exist within your ecosystem. Our security questionnaire automation tools should dramatically speed up the time to completion and alleviate hours of manual work for responders.
  2. Accuracy - Every detail of your security posture is critical, and must be represented with confidence. As we build our AI-based tools, we’re committed to making sure that speed isn’t to the detriment of your brand reputation — and reflecting your posture with as close to complete accuracy as possible is paramount to that.
  3. Control - We recognize that our customers’ data is the bedrock of their success. Putting that data into any model or system without their knowledge is a non-starter. We will always ensure our customers have complete control over their data and that of their customers.

Over the coming months, we’ll be working hard behind the scenes to bring the best that technology has to offer to your SafeBase Trust Center. We know that, in time, and with the partnership of our customers, AI will make a positive impact on our customers’ abilities to showcase their commitments to security. It will also create more advantageous experiences for sales teams and their buyers.

In the meantime, if you would like to learn more about SafeBase’s philosophy on AI, on our forthcoming features and solutions, schedule time with us here.

Begin building your Trust Center today.
Creating your own Trust Center is easy, and getting started is free.