Unlocking Knowledge: Adopting AI with Security

In our previous blogs in the ‘Unlocking Knowledge’ series, we explored how AI can be harnessed to improve efficiency and significantly add value to your organization. However, privacy and security concerns loom large on the decision to adopt AI in many sectors, particularly where compliance, confidential data, and intellectual property are at the fore front.

In this blog, we’ll explore some of the security challenges we encountered while building Adam, our internal knowledge base assistant, and share the practical solutions we developed. You can learn more about Adam in its introduction blog.

Many state-of-the-art AI platforms deliver value only when they have access to extensive datasets that provide contextual understanding of a company’s intellectual property. These platforms often grant AI access to the entire knowledge base when connected, enabling more accurate and useful outputs. However, this approach introduces significant challenges. Different categories of data may be subject to varying internal policies and external regulations, such as GDPR, which may require additional safeguards. Granting AI systems broad access can create security risks and complicate compliance workflows. As a result, organizations may need to conduct detailed data classification, perform risk assessments, and obtain legal or regulatory approvals before deployment. These steps can significantly delay implementation and slow the pace of AI adoption.

Private AI providers are also incentivized to continuously train their models on user data, as broader and richer datasets help improve contextual understanding and model performance. While this enhances capabilities, it introduces risk. For example, if the model has been trained on sensitive internal data, it may inadvertently disclose information to users who lack the appropriate access. This creates a possibility of data leakage, where confidential content provided by one employee is exposed to another without proper authorization if the application is not created with these security considerations in mind.

Let us explore the solutions we implemented in Adam to securely adapt AI to handle our knowledge base system without compromising on security or data related compliance while benefiting from the value that AI brings to the table.

• Fine-Grained Access Control: We have implemented a robust system of fine-grained access controls to safeguard sensitive information at every level. For instance, in Adam, AI does not gain access to all files in SharePoint immediately upon account connection. Instead, a privileged user must approve either the entire SharePoint site or specific pages within the site. This principle of least privilege ensures that AI access is restricted exclusively to data explicitly authorized for AI use, down to the individual file level.
• Built for Flexibility: Adam was designed with adaptability in mind, allowing easy switching between different AI model providers. This includes both cloud-based solutions and self-hosted models that can operate in entirely offline environments. The latter option is particularly valuable for highly regulated industries, as it eliminates any need for external connectivity and maximizes control over data handling and AI operations.
• Secure Defaults: To promote a secure-by-default approach, every new document added to the knowledge base is initially marked as “not shared” with Adam. In this state, the AI cannot access or utilize the contents of the document. While this behavior is the default, it is also configurable, allowing organizations to tailor access policies based on their internal data governance requirements. For example, an organization may choose to change configurations to allow access to all pages in Notion without approval, even though by default explicit approval is required.

While concerns around AI security and privacy are valid and important, it is still possible to develop AI-based applications that align with an organization’s data policies and requirements. By adopting a proactive approach to security, organizations can confidently leverage AI’s potential for productivity gains without compromising on compliance and data protection, ensuring they remain competitive and secure in this evolving landscape.

This is just one example of interesting problems we solve for our clients everyday. Over the coming weeks, we’ll be sharing more behind-the-scenes insights into the problems we’ve faced and the solutions we’ve delivered. Stay tuned.

At SMS, we see the rise of artificial intelligence as an opportunity to re-imagine long-standing organizational challenges and develop innovative, streamlined solutions. To that end, we’ve made significant investments in building deep AI expertise — both to enhance our internal capabilities and to better support our clients.

With nearly 50 years of experience, SMS is a trusted provider of professional services, delivering high-impact solutions across both public and private sectors. We operate in highly secure, compliance-driven environments that demand government-grade standards, while also surpassing the agility, efficiency, and speed expected from leading private sector service providers.

If you’re looking to use AI to boost efficiency, cut costs, and maintain top standards in quality, security, and compliance, let’s connect. Our team of experts is ready to help identify opportunities tailored to your unique needs.