Open Source Generative AI Policy by Contrast Security
Welcome to the official repository for the Generative AI Policy!
The primary aim of this project is to provide a comprehensible and adoptable policy to control the potential privacy and security risks in using Generative AI and LLMs within your organization. This open source policy serves as a starting point for CISOs, security professionals, compliance, and risk teams who are new to this domain, and those who have a need to quickly release a policy for their organizations.
The policy takes many considerations into account but focuses primarily on the following:
- Prevent the creation of Intellectual Property (IP) and software where ownership and IP rights cannot be successfully challenged at a later time;
- Prevent the generation or use of AI-generated code that could contain malicious components;
- Prevent employees from using public AI systems to learn from the company’s data or customers’ or other third parties’ proprietary, non-public data; and
- Prevent unauthorized or under-privileged users from gaining access to privileged, sensitive, protected or other confidential data.
The first version of this policy was contributed by Contrast Security. We encourage the community to contribute and help improve this policy. If you have any suggestions, feedback or want to help improve the policy, feel free to open an issue or send a pull request.
This project is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.