Editor’s note: An update is under construction to align this blog with our most updated policies. In the meantime, please see our latest FAQ on Domo.AI Security and Privacy, published in September 2024.
What about security? That’s the question on everyone’s minds when it comes to Domo’s generative AI capabilities. The allure of models like GPT-4 lies in their potential to significantly boost productivity and creativity. However, this enticing promise is accompanied by a cautionary tale.
It’s important to note that these benefits come at a cost: the necessity of sending data to external servers for processing. This is a standard part of how these models operate, but it’s crucial to be aware of the security implications.
Especially when the server’s data usage policies are ambiguous, the act of sending data externally introduces potential risks. These include the possibility of data interception, unauthorized access, and misuse—concerns that are heightened when the data being sent is sensitive or proprietary.
How Domo.AI mitigates the risks of generative AI
We’re here to make Domo’s policy clear. You might be asking yourself, what happens to my data when I use Domo’s generative AI capabilities such as AI Domo Bricks and the AI Beast Mode editor?
1. Your customer data stays in its secure environment.
Rest assured, Domo’s top priority is your data’s security and privacy. Unlike other platforms that may send your data to external servers, Domo keeps your actual customer data safely ensconced within its own secure environment.
For readers interested in the specifics, Domo’s secure production environment undergoes multiple audits every year to ensure compliance with leading security standards such as ISO 27001, ISO 27018, HITRUST, HIPAA, SOC 1, and SOC 2.
2. Domo transmits only metadata from the tables—not the data itself.
When leveraging OpenAI’s generative AI capabilities, Domo transmits only metadata from the tables—think column names and data types, not the data itself. We’re confident that when we use OpenAI’s API, we know what the company will do with that metadata and how long they’ll retain it.
This approach not only enables the power of generative AI, but also sidesteps the security pitfalls associated with data exposure, interception, or misuse.
3. The metadata is transmitted using encrypted channels.
The metadata is transmitted over the internet using encrypted channels, which provides assurance of the integrity and confidentiality of any such data being transmitted. Domo acts as a guardian of your sensitive or proprietary information, maintaining the highest standards of data privacy and security.
How Domo stays ahead of AI security risks
We’re committed to advancing our AI capabilities by developing an AI solution that resides entirely within the Domo ecosystem. This in-house AI engine aims to offer the same sophistication and utility as external models, but with stronger security and data privacy.
By processing customer data locally, within the secure boundaries of the Domo platform, you’ll never need to transmit confidential data or personally identifiable information (PII) externally—reducing the risk of data breaches or unauthorized access.
This shift to an internal AI solution underscores Domo’s dedication to providing innovative technology that prioritizes the safety and integrity of customer data. It marks a significant step in our ongoing efforts to empower businesses with AI-driven insights, all within a secure and trusted environment.
Three next steps for navigating AI in your organization
Read the first article in this series, AI’s All the Rage—3 Tips to Govern It Well. You’ll learn three tried-and-tested data governance principles that can structure your organization’s AI governance as well.
Watch the Domo.AI Summit replay, a 45-minute session on the AI/DSML solutions in Domo for creating business impact.
Listen to Brad Kasell on the Business Essentials Daily Podcast. He covers why good data matters in business, no matter how you’re applying it—in AI tools or otherwise.