Jump to content

Generative AI and Security

Learn more about how to maintain good information security when using different generative AIs.

Learn more about generative AI and security

Where do I start?

There are many different generative AI products on the market today, and it can be difficult to understand what data you can safely input into the different tools. On this page you will find a short list of the most common AIs you may encounter and recommendations on what you should be aware of to maintain data security at AAU if you use AI tools in your work.

Data Classifica... What?

Not sure what type your data is? Do you know how to store it correctly? And do you share it with others in a secure way? Read more about how to classify your information so it's handled correctly.

To personer arbejder sammen om en computer og en notesbog.

Data Classifica... What?

Not sure what type your data is? Do you know how to store it correctly? And do you share it with others in a secure way? Read more about how to classify your information so it's handled correctly.

Read more about data classification here
To personer arbejder sammen om en computer og en notesbog.

Which AIs can I use for what?

NB! Is there an AI missing from the list?

There are many AI tools that do not appear on this list. These have not yet been assessed, and therefore they can only be used for Classification 0: Public Information. The model is not complete and will be continuously updated.

What can different AI tools do?

If you're struggling to make sense of all the different generative AI products, you're not alone. As many of the tools are still relatively new, they also tend to change names several times. Below you will find a number of descriptions of the different AI products in the model. This page is constantly updated, but if you come across a new name for an AI tool or a product you would like to see on the list, you can make a request via the link.

NB!

Even if you follow the data classification guidelines for what data you can share with an AI, you should still be aware that some data is copyright-protected and therefore cannot be shared with AIs.

Microsoft Copilot
Copilot Pro
Copilot Premium
OpenAI ChatGPT
Google Gemini
Claude AI
Mistral.ai
Self-hosted AIs
Self-built AIs

When using AI

5 tips

  1. 1

    Just because you can, doesn't mean you should

    While AI paves the way for new possibilities for work productivity, we must keep in mind that not all information should be processed by AI and that we must make sure we continue adhering to the applicable laws. 

  2. 2

    Is the AI service appropriate for your purposes?

    We work with different types of data at AAU, and therefore the AI services best suited to assist us vary accordingly. 

    The service must be suitable for processing the type of information you intend to use it for. For example, if you work with personal data, you must use an AI that is approved for that purpose according to AAU's guidelines. 

  3. 3

    Who owns the data?

    Are you the owner of the data you supply to the AI? Is it made available for use, and do you have the legal right to use it for the purpose you intend?

  4. 4

    How good is the output of your work?

    An AI can only provide answers as good ad the material we provide it with. 

    Is the data in your documents accurate and up to date? Are you prompting your AI in the most effective way? Consider how to get the best results when working with AI. 

  5. 5

    Be critical of the output

    AI should be considered a sounding board, not the absolute truth. Sometimes AI can "hallucinate", meaning it fabricates answers and sources of its own accord. 

    For this reason, you should always be critical of the output you receive and fact-check if something sounds too good to be true. Not even the best AI is an expert, and it can make mistakes. 

Approval for Classification 1, 2 and 3

In order for an AI tool to be approved to use data with classification 1, 2 and 3, several things must be in place first. First and foremost, there must be a system owner who assumes any risks that may arise from using the product. If the product is not developed at AAU, is hosted outside AAU or otherwise stores or passes on data input to others, a data processing agreement must be drawn up. In some cases, a risk assessment must be prepared first.

Read More About Risk Management

Looking for other helpful Q&As?

Use Cases