For businesses, essential security settings and precautions for genspark implementation.

Introduction: Risks When Using Genspark in a Company

As a tool that significantly streamlines work efficiency and research time, an increasing number of companies are adopting Genspark for their internal operations. While its advanced search capabilities and summarization features are highly attractive, strict security management is required when using AI tools in a corporate setting, especially from the perspective of information leakage and data privacy.

Especially in the field of generative AI, there's a risk that input data might be used for AI learning models, leading to confidential information being unintentionally output as a response to a third party. Organizations such as IPA (Information-technology Promotion Agency, Japan) and NISC (National Center of Incident Readiness and Strategy for Cybersecurity) have also issued warnings regarding data handling when using cloud-based AI services.

This article explains the points that should be changed from the default settings and specific operational precautions to safely utilize Genspark for business. Please use it as a part of internal verification before introduction or as part of Genspark troubleshooting.

【Mandatory】Steps to Turn Off AI Data Learning (Data Retention)

In Genspark's default settings, "AI Data Retention" is enabled for the purpose of improving service quality, and there is a possibility that input prompts may be used for learning. When used by businesses, to prevent unintended learning of confidential information, it is strongly recommended to turn this setting off first.

Specific Steps for Changing Settings

Changing the settings can be completed with a few clicks from the browser interface.

1. Click the "Account Mark (Profile Icon)" in the bottom left of the screen.
2. From the displayed menu, click "Settings".
3. From the left-hand menu on the settings screen, select the "Account" tab.
4. Click the "AI Data Retention" toggle switch displayed on the screen, and change it to the OFF state.

Furthermore, if advanced management functions and permission settings for corporate use are required, considering the introduction of a paid plan is one option. The pricing page is here: Genspark Official Pricing Page

Three Important Security Measures for Corporate Use

In addition to changing system-side settings, users also need to pay close attention to "how they use" the tool. Here, we introduce three specific security measures that should be observed when using Genspark in a corporate environment.

1. Prohibition of Inputting Confidential Information (API Keys, Passwords)

When requesting Genspark to generate or debug programming code, there are instances where source code is copied and pasted as is. However, it is essential to check before sending if the code contains database passwords or API keys for services like AWS, GCP, etc.

When passing code to AI, cultivate the habit of replacing sensitive parts with dummy text (e.g., YOUR_API_KEY_HERE), or rewriting it into a secure implementation using GitHub Secrets or environment variables (such as dotenv) before inputting it. Being mindful of how to write secure code significantly reduces the risk of information leakage.

2. Process Sensitive Information, Such as Customer Data, with Local Applications

Personal information (PII) such as names, email addresses, and phone numbers, as well as unpublished financial data, customer lists, etc., should be avoided from being directly entered into Genspark's chat screen for analysis.

For example, you would instruct Genspark, "Write a Python code to extract customers matching specific conditions from a CSV file." If you execute the generated code on your own PC (local environment), the data itself will not be transmitted to an external server, and the processing can be completed securely. It is recommended to establish a data processing system in a local environment, referring to resources like the Python official documentation.

3. Copyright and Consideration for External Output

Genspark generates high-quality reports (Sparkpages) based on information from the internet, but when reprinting the generated text as is on a company's official blog or in commercial products, the risk of copyright infringement must be considered.

When using AI-generated content, it is essential to perform manual fact-checking, and, while referencing AI risk management frameworks proposed by organizations like NIST (National Institute of Standards and Technology), a process is needed to ensure the company takes responsibility for the final output.

Towards Building a Secure Operational System

To safely utilize the tool, not only system settings but also raising awareness across the entire organization is crucial. Many companies are developing "internal guidelines" regarding the use of AI tools.

By clarifying these rules and thoroughly disseminating them through regular internal workshops, etc., Genspark's powerful research capabilities can be leveraged for business while minimizing risks. It is important to formulate guidelines and ensure safe usage throughout the organization.

Summary

Genspark holds the potential to dramatically boost productivity in information gathering and development, but as long as it's used in a corporate environment, security considerations are indispensable.

First, start by turning off the "AI Data Retention" setting, and it is important to implement measures such as prohibiting the input of confidential information, switching customer data to local processing, and establishing internal rules. By mastering AI "smartly and securely," let's enhance business competitiveness.

Genspark Official Website