Skyflow tackles data privacy and security for enterprises who use LLMs

Being an online consumer is a game of trust.

Imagine you're shopping on an ecommerce website. You find the perfect item, add it to your cart, and proceed to checkout. During the checkout process, you may be required to provide various pieces of personal information–your mail ID, phone number, address or payment details. 

Every time a user provides this information, they trust the e-commerce company to keep it safe. However, company-wide data breaches that expose sensitive customer information are becoming more commonplace by the day.

In this day and age, given the inevitability of needing to share personal information with businesses, a viable solution is required to improve how these businesses secure and govern data. 

This is where SaaS solutions like Skyflow come into play.

Founded in 2019 by Anshu Sharma and Prakash Khot, Skyflow is a data privacy vault built to simplify how companies isolate, protect, and govern their customers’ most sensitive data. 

“If you look at the history of actual data protection, it seems like, almost everybody eventually gets hacked or a data breach happens and then our information ends up on the internet,”  Sharma tells YourStory. 

Headquartered in Palo Alto, California, the company mainly offers a privacy-focused data storage solution for companies looking to securely implement LLMs to safeguard and manage sensitive customer information. 

Product offerings

Many cybersecurity providers today offer products that merely protect a company’s defences externally against threats. However, if those defences are breached, the data stored within is left vulnerable. Skyflow’s technology ensures that even in the event of a breach, its customers' personal information remains secure and inaccessible to unauthorised parties.

The platform is built by its proprietary technology called 'polymorphic encryption', a security technology that constantly changes how data is encrypted. This makes it hard for unauthorised users to decode the data, even if they intercept it.

Skyflow uses this technology to keep sensitive data secure while still allowing businesses to use it for tasks like analytics, marketing, and customer support.

The platform is designed to integrate into existing business infrastructures and also helps organisations comply with various data privacy regulations.

Skyflow's core product is the data privacy vault, which securely stores sensitive information like personally identifiable information (PII), payment data, and health records. The vault uses advanced encryption techniques such as data tokenisation and masking, to protect data both during storage (at rest) and when being transferred (in transit).

“We go to businesses that have to manage this sensitive information or customer data and provide them a cloud service or a SaaS service such that we can secure and govern the PII information,” Sharma explains. 

This process involves replacing sensitive data with tokens, allowing internal use without revealing the actual data. Data masking hides sensitive information, making it accessible only to authorised users.

Also Read

Panoplia.io combats cyber fraud in India with AI-backed solutions

Data Privacy for LLMs

There has been a recent upsurge in several enterprises that have incorporated LLMs (Large Language Models) to automate their workflows. Training data, which includes large text datasets, may contain sensitive information such as names, dates of birth, or social security numbers if not properly anonymised, risking exposure during content generation. 

User-provided prompts and files containing sensitive data can also flow into the model, potentially exposing this information when the model generates content.

Sharma believes there are three types of data. 

“One type of data is the application data, which includes transaction-related information like car orders or e-commerce purchases. The second type of data is historical or analytical data. This is used for analytics and model building, such as predicting consumer preferences, like one person being more likely to buy a red sweater and another a blue sweater,” he says.

The third type of data is large language models (LLMs) or AI, which deal with unstructured information. 

“This includes email text, PDFs, order histories, and more. People use AI to ask questions like generating the next email. To address this, we have built our latest product called LLM Gateway for Privacy and Security,” Sharma explains.

To address the risk of leaks, all training data passes through Skyflow’s ‘LLM Gateway for Privacy and Security’, where the sensitive data is identified and securely stored. It filters out plaintext-sensitive information to prevent it from entering LLMs during training.

By encrypting and tokenising data, Skyflow significantly reduces the risk of data breaches.

“LLM adoption is increasing across the market even though there are few data protection mechanisms in place, putting compliance, security, and privacy at risk,” Sharma cautions.

“Once sensitive data enters a model it’s almost impossible to remove, which means something like a data deletion request — which many new privacy laws require companies to be able to execute, becomes much more difficult,” he adds. 

Also Read

Increased investments, AI policies, and computing capacity: SaaS sector’s Budget 2024 wishlist

Future plans

Skyflow has raised $30 million to extend its Series B funding in 2021 led by Khosla Ventures, along with prior investors Mouro Capital, Foundation Capitaland Canvas Ventures.

The company claims to have experienced significant growth in India, with demand tripling over the past year and projected revenue expected to grow fourfold in the coming fiscal year. 

It has also increased its investment in the local tech sector, expanding job opportunities, and advancing technologies for data protection and privacy enhancement. Its future plans include tripling the go-to-market (GTM) team, doubling the workforce by year-end, and to help businesses navigate the complexities of India’s DPDP Act.

The platform currently supports nearly a billion records of user data for global customers like GoodRx, Lenovo, and Hippocratic AI, and processes more than two billion API calls quarterly.

Skyflow has recently expanded its data residency solution to include China, enabling global companies to scale in Asia without major changes to their technology. This makes it easier to comply with China's strict data privacy regulations, including the Personal Information Protection Law (PIPL) and the Cybersecurity Law (CSL).

The Data Security Council of India's report revealed more than 400 million cyber threats, with an average of 761 detections per minute. India’s data privacy laws are also a point of concern, according to Sharma.

“India's DPDP (Data Protection Law) is currently a major concern for many CTOs and CIOs. Even before DPDP, regulations like RBI's oversight of banks and the Indian government's mandate to vault Aadhaar data highlight a trend towards stricter data handling rules,” Anshu says. 

“Simultaneously, the volume of data flowing from applications to analytics and AI has increased dramatically. However, laws are tightening on where and how this data can be stored, such as restrictions preventing multinational companies from housing personal data of Indian citizens outside India,” he proclaims. 

However, Skyflow acknowledges one of the major challenges: the changing behaviour of AI technology. 

“As the AI landscape evolves, we began by helping customers ensure compliant fine-tuning and training of data, and safeguarding inference use cases by preventing unauthorised access to sensitive information.”

“We are enhancing our capabilities to offer customisable guardrails and fine-grained access controls, supporting privately hosted LLMs with advanced privacy measures,” he explains. 

It caters to various sectors such as fintech, digital health, banking, retail, and travel services in over 150 countries. 

“Our roadmap includes seamless solutions for RAG-based (Retrieval-Augmented Generation) architectures and integrations with AI platforms like NVIDIA, Snowflake, and Databricks, ensuring a robust privacy layer. Additionally, we will launch Skyflow Data Privacy Agents for workflow integration and expand into MLOps (Machine Learning Operations) by partnering with specific vendors,” he adds.