Customer Case Study: Preserving Privacy in a Generative AI Application (RAG) for Contract Review

Customer Need

A large telco sought to revolutionize its contract review process using Gen AI. They aimed to build a generative AI application based on the Retrieval-Augmented Generation (RAG) architecture. The RAG-based application uses historical contracts as context to create a sophisticated AI agent. The primary objectives were to:

• Reduce Time and Cost: Streamlining contract reviews and approvals. Reduce para-legal costs and time spent waiting for legal reviews.
• Empower Employees: Enabling staff to review terms and contracts independently using the AI agent for faster decisions and fewer processes.

Challenge - Data Protection

The project faced a significant hurdle. The historical contracts, crucial for context tuning the AI model, contained Personally Identifiable Information (PII). There was a risk that the AI agent might inadvertently expose this sensitive data, such as who wrote the contract, during interactions with users. Protecting PII was paramount to complying with privacy laws and maintaining client trust.

Solution

The solution involved incorporating Protecto APIs. These APIs are designed to:

• Identify PII: Detect personal data within the historic contracts.
• Intelligent Tokenization: Employ a unique technique to obscure the identified PII while preserving the overall context and usability of the documents.
• Data Protection: By masking sensitive PII data, the company eliminated data leaks and insider risks, ensuring no sensitive data was exposed during the AI agent's contract reviews.
• Functional AI agent: The model, using sanitized data, was capable of delivering accurate recommendations and analyses of contract terms without compromising privacy.

Outcome

• Efficient Contract Review: The AI agent enabled faster and more cost-effective contract reviews. Staff could use the AI agent to review and understand contract terms, reducing dependency on legal teams.
• Data Protection: The company maintained its commitment to data privacy and security, building trust with clients and stakeholders.