[sebastiennight]

It is OpenAI's model (although you can switch to another LLM). It's just that your data and the actual run environment for the code you got from the ChatGPT API, runs locally.

So AFAICT your prompt is still "leaked" to OpenAI, but not your data.

[passwordoops]

Probably splitting hairs and I'm not arguing one way or another, just wondering - why isn't the prompt itself considered leaked data?

[sebastiennight]

Well I'm saying the prompt is leaked.

But that's not the biggest issue in most cases.

Prompt: "I have a file of 315 customers with their IP, behavior, religious affiliation and previous purchases plus medical history. I want to figure out if I have any customers whose religious affiliation pre-dates a post-surgery stay in hospital."

Data: a huge CSV file which, as you can tell, contains incredibly sensitive/legally impactful information.

With this system, you send the prompt to GPT-4 or Claude, and it doesn't see your data at all. It just writes a python program that can do the analysis.

You run the program locally on C:/Users/passwordoops/SuperSensitiveData/Confidential.csv

You get the result.

OpenAI has never seen your data.

It's a win for confidentiality.

(of course, that's if the LLM didn't give you a program that would exfiltrate your prompt, and if the CSV contains no prompt injection to exfiltrate the data, etc. This system is a security nightmare.)