We are developing a custom AI interface for a customer where data security is very important. We know they recently bought ChatGPT enterprise, and we know they are comfortable sharing their data with it.
In the release statement from OpenAI about ChatGPT enterprise they mention:
“If you need to extend OpenAI into a fully custom solution for your org, our pricing includes free credits to use our API”
Does this mean that API calls made with their API key, is also sent in this secure enterprise environment?
What im asking is basically, can i tell them “Dont worry about security, we connect it to ‘your’ AI”.
If thats not the case, and it’s just for the regular API, are API calls held to the same security standards as Enterprise?
API calls are not used to train models, unless you opt in within data controls of the platform account, if that is your concern.
Model inputs are still subject to retention for safety for a period, and you would still have any other general concerns about any organizations to which you provide data without ultimate observability of your own private servers. Working with classified documents, for example, may not allow you to use a platform where any support personnel can look up your request IDs. Or hackers.
How many API credits you would actually get is not disclosed, you’d review your contract and sales agreement.
I agree with you, but they never mention ‘enterprise API’. I assume that these API calls are held the to enterprise security standard, but assumptions can be wrong so I wanted to see if anyone knew for a fact that enterprise API is a thing.
But thanks for the reply, good to see that someone else came to the same conclusion!
Good to hear that API calls are not being used for training, but since our customers aren’t very technical it would be great to know if API calls made with an enterprise API key are held to the same security standards as the enterprise ChatGPT interface. Then we could piggy back on the fact that they are allowed to use enterprise ChatGPT, and using our product with their API key would be the same thing.
I assume that they are, because it would be really strange for OpenAI l to suggest using the API otherwise. But assumpptions can be wrong and i want to know before i bring it up with our customers.
So the follow up question is if enterprise customers are considered ‘trusted customers’ and have their API calls ZDR by default. Or if there really is no difference between them and regular API calls. I feel like there has to be something because they have ‘API for enterprise’ as an option when applying for enterprise.
All API is under “business agreements”, found in terms, unless you have superseding private information.
As of March 1, 2023, data sent to the OpenAI API will not be used to train or improve OpenAI models (unless you explicitly opt-in to share data with us, such as by providing feedback in the Playground). One advantage to opting in is that the models may get better at your use case over time.
To help identify abuse, API data may be retained for up to 30 days, after which it will be deleted (unless otherwise required by law). For trusted customers with sensitive applications, zero data retention may be available. With zero data retention, request and response bodies are not persisted to any logging mechanism and exist only in memory in order to serve the request.
Do you want to collect some new buzzwords to bullshit them with so they believe they are special?
What if enterprise just means your api request does not take 40 but sometimes, (when it is not coming from a cache anyways) it can be 1-2 seconds.
Where making predictions on the real numbers are as easy as predicting the exact size of some yeast dough after 32.07 minutes…
One thing for sure: enterprise is more expensive.
More secure? Nah… come on. Why would you not implement the highest level of security for everyone? That makes no sense.
But speed in requests still is worthwhile to have enterprise.
And speed for higher price makes sense. Because when the customer pays more you can run more expensive hardware for them dedicated…
The rest most probably is just something the marketing guys came up with to fill a numbered list of features with…
And that also makes sense because here is a story about how enterprise managers make decissions:
I once have selected a software library to use for a bigger corporation I worked for and they had 3 packages.
The medium package included something I wanted to use so I asked a manager to have a meeting about it, showed him the 3 options and before I even explained what I want I opened the overview of the packages and the manager pointed to the “enterprise” option yelling “hey here it says enterprise, that’s us. Take that”…
And my question, are their API calls sent to that dedicated hardware or is it ‘just’ another API call. Because they never explicitly say. I imagine that they do, but I want to know.
It matters because the managers who like the word enterprise, have already signed on to the idea of ChatGPT enterprise. So instead of trying to convince them of something new, I want to be able to confidently say that what Im building uses the same thing they are already using.
Depends on what you mean by dedicated I guess. I still imagine their hardware like a huge hole in the ground where they constantly unload truckloads of t/gpu into and then hope they magically connect to other truckloads of mainboards thrown into the same hole…
Thanks again, but unfortunately it doesn’t say much. I assume that some enterprise accounts have ZDR and others don’t. I was hoping that enterprise was more defined, but no such luck.
Yeah, I really wonder how the sales people pitch that to the enterprise customers… “If you pay a lot of money you’ll get a piece of this hole thats faster and ‘more secure’ then the rest of the hole, and you just have to trust us”