3 keys to the enterprise for AI-first startups
When OpenAI released ChatGPT in November 2022, the average consumer saw an overnight success heralding a new age of rapid technological growth. But the widespread lack of understanding around the technology makes for an uphill battle to build enterprises' confidence in these solutions’ security and privacy.
Meanwhile the state of the art is accelerating, with over 2000 papers published in the past month alone, joined by hype that makes Taylor Swift’s tour look like an underpromoted coffee shop performance. As a result, every AI-first startup faces an extra critical eye as they approach the hallowed gates of the enterprise.

Fig 1. Analysis of cultural popularity of AI vs Swift. AI dominates despite frequent hallucinations
Organizations’ third-party risk management tends to rely on reports like SOC 2 to assess security requirements. Larger enterprises will add audit reports to evaluate compliance but will have bigger teeth in the form of security addendums and contractual obligations.
Unfortunately, those same contracts haven’t caught up with the types of issues that LLM-based software is uniquely susceptible to.
They may cover vulnerability management requirements, encryption at rest and, god forbid, password rotation policies – but have yet to address issues like prompt injection prevention, how models are trained, who owns the weights of a model trained on customer data, and a dozen other concerns that only arise with this next generation of software.
This can greatly lengthen sales cycles by creating long back-and-forths with legal and security teams who all want to make sure they aren’t inadvertently approving tomorrow’s data leak.
Enterprises won’t dig much into the controls that back their new Microsoft Copilot lifestyle. Microsoft is a trusted strategic partner with more AI talent in its nap pods at any given time than most of its customers could ever hope to have on staff, so customers will take it as a given that it’s well built.

Fig 2. A very accurate and not-at-all-fake depiction of Microsoft’s AI team recharging mental prowess
For those without the resources to casually offer to absorb the world’s hottest company over a weekend, being able to clearly and proactively communicate architectural choices necessary for a “secure-by-design” system is now more important than ever.
But how do you convert this knowledge gap into a unique selling proposition that sets you apart in the hyper-competitive landscape?
Collaborate Early and Often
Ensure early and frequent collaboration between security architects and product/engineering to design the systems in a way that fundamentally addresses LLM-specific concerns like those in OWASP’s LLM Top 10 and AI Privacy and Security Guides.
Translate Tech into Tales
Once the technical groundwork is laid, it's time to bring the narrative to your audience. Get your product marketing teams to partner with your engineers to demystify AI risks. They need to translate your technical measures into compelling content that informs your audience, turning the complexities of AI risk and your robust countermeasures into narratives that resonate with your customers.
Reinforce Contracts with Confidence
With the technical and narrative pieces in place, the next step is to solidify your commitment through your contracts. Bring in the legal team to ensure your own security addendum addresses these risks in a way that gives the buyer confidence in the guarantees provided by your solution. Don’t forget to add all the classic requirements: they haven’t gone anywhere and will be expected to be covered lest you be forced to default to the dreaded customer paper.
Remember above all that this isn’t a totally new process; it’s just about anticipating questions to minimize unnecessary back-and-forth. By addressing the education gap head-on, your organization can minimize the cycles with security and legal teams, streamline the sales process, and empower customers with the knowledge of what AI can and can’t do. Taking these simple steps can have a radical effect on customers’ confidence and certainty – and ultimately help them get the benefits of your solution in place to make a real difference in your business.