You can de-identify sensitive data using Skyflow\u2019s polymorphic encryption and tokenization engine that\u2019s included within Skyflow Data Privacy Vault. This includes detection of PII but also terms you define within a sensitive data dictionary, like intellectual property (i.e. Project Titan).<\/p>\n
Of course, only Project Titan team members who use the chatbot should be able to access the sensitive project data. Therefore, when the chatbot forms a response, we\u2019ll rely on Skyflow\u2019s governance engine (which provides fine-grained access control) and detokenization API to retrieve the sensitive data from the data privacy vault, making it available only to authorized end users.<\/p>\n
Before we dive into the technical implementation, let\u2019s go through a brief overview of foundational LLM concepts. If you\u2019re already familiar with these concepts, you can skip the next section.<\/p>\n
A brief primer on LLMs<\/h1>\n
LLMs are sophisticated artificial intelligence (AI) systems designed to analyze, generate, and work with human language. Built on advanced machine learning architectures, they are trained on vast quantities of text data, enabling them to generate text that is convincingly human-like in its coherence and relevance.<\/p>\n
LLMs leverage a technology called\u00a0transformers\u00a0<\/em>\u2014 one example is GPT, which stands for Generative Pre-Trained Transformer \u2014 to predict or generate a piece of text when given input or context. LLMs learn from patterns in the data they are trained on and then apply these learnings to understand newly given content or to generate new content.<\/p>\n Despite their benefits, LLMs pose potential challenges in terms of privacy, data security, and ethical considerations. This is because LLMs can inadvertently memorize sensitive information from their training data or generate inappropriate content if not properly regulated or supervised. Therefore, the use of LLMs necessitates effective strategies for data handling, governance, and preserving user privacy.<\/p>\n When embarking on any LLM project, we need to start with a model. Many open-source LLMs have been released in recent months, each with its specific area of focus. Instead of building an entire LLM model from scratch, many developers choose a pre-built model and then adjust the model with vector embeddings generated from domain-specific data.<\/p>\n Vector embeddings encapsulate the semantic relationship between words and help algorithms understand context. The embeddings act as an additional contextual knowledge base to help augment the facts known by the base model.<\/p>\n In our case, we\u2019ll begin with an\u00a0existing model from Hugging Face<\/a>, and then customize it with embeddings.\u00a0Hugging Face<\/a>\u00a0provides ML infrastructure services as well as open-source models and datasets.<\/p>\n In addition to the Hugging Face model, we\u2019ll use the following additional tools to build out our privacy-preserving LLM-based ETL pipeline and chatbot:<\/p>\n The following diagram shows the high-level ETL and embeddings data flow:<\/p>\n The ETL and embeddings flows from end to end are:<\/p>\n ETL<\/strong><\/p>\n Create vector embeddings<\/strong><\/p>\n Once the model has been customized with the Project Titan information, the user interaction and inference flow is as follows:<\/p>\n User interaction and inference information flow<\/p>\n 2. Retrieve embeddings<\/strong><\/p>\n 3. Inference<\/strong><\/p>\n 4. Chat UI response<\/strong><\/p>\n Now that we\u2019re clear on the high-level process, let\u2019s dive in and take a closer look at each step.<\/p>\n Cleaning the source data with Skyflow Data Privacy Vault is fairly straightforward and I\u2019ve covered some of this in a\u00a0prior post<\/a>. In this case, we need to process all the source documents for Project Titan available in an AWS S3 bucket.<\/p>\n Skyflow will store the raw files, de-identify PII and IP, and save the clean files to another S3 bucket.<\/p>\n Next, we\u2019ll configure Snowpipe to detect new documents in our S3 bucket and load that data into Snowflake. To do this, we\u2019ll need to create the following in Snowflake:<\/p>\n With that, we have raw data that goes through a de-identification process, and then we store the plaintext sensitive data in Snowflake. Any sensitive data related to Project Titan is now obscured in the LLM, but because of Skyflow\u2019s polymorphic encryption and tokenization, the de-identified data has referential integrity, meaning we can return the data to its original form when interacting with the chatbot.<\/p>\n Now that we have our de-identified text data stored in Snowflake, we\u2019re confident that all information related to Project Titan has been properly concealed. The next step is to create embeddings of these documents.<\/p>\n We\u2019ll use the\u00a0Instructor<\/a>\u00a0model provided by Hugging Face as our embedding model. We store our embeddings in Chroma, a vector database built expressly for this purpose. This will allow for the downstream retrieval and search support of the textual data stored in our vector database.<\/p>\n The code below loads the base model, embedding model, and storage context.<\/p>\n Next, we need to load all documents and add them to the vector store. For this, we use the\u00a0Snowflake document loader<\/a>\u00a0in LangChain.<\/p>\n With the training document and vector store created, we create the question-answering chain.<\/p>\n This question (\u201cWhat is Project Titan?\u201d) will fail because the model doesn\u2019t actually know about Project Titan, it knows about a de-identified version of the string \u201cProject Titan\u201d.<\/p>\n To issue a query like this, the query needs to be first sent through Skyflow to de-identify the string and then the de-identified version is passed to the model. We\u2019ll tackle this next as we start to put the pieces together for our chat UI.<\/p>\n We\u2019re ready to focus on the chatbot UI aspect of our project, dealing with accepting and processing user input as well as returning results with Project Titan data detokenized when needed.<\/p>\n For this portion of the project, we will use Streamlit for our UI. The code below creates a simple chatbot UI with Streamlit.<\/p>\n Our simple chat UI looks like this:<\/p>\n As you can see, the UI accepts a user input, but doesn\u2019t currently integrate with our LLM. Next, we need to send the user input to Skyflow for de-identification before we use RetrievalQA to answer the user\u2019s question. Let\u2019s start with accepting and processing our input data.<\/p>\n To detect and de-identify plaintext sensitive data with Skyflow, we can use the detect API endpoint with code similar to the following:<\/p>\n Now that we\u2019ve de-identified the user input data, we can send the question to RetrievalQA, which will then use a QA chain to answer the question from our documents.<\/p>\n We now have our response from RetrievalQA. However, we need to take one additional step before we can send it back to our user: detokenize (re-identify) our response through Skyflow\u2019s detokenization API. This is fairly straightforward, similar to previous API calls to Skyflow.<\/p>\n Everything we need is encapsulated by the function performInference, which calls a function to reIdentifyText after the completion is returned.<\/p>\n Who can see what and in which format is controlled by Skyflow\u2019s governance engine. There\u2019s too much to cover here, but if you want to learn more, see\u00a0Introducing the Skyflow Data Governance Engine<\/a>.<\/p>\n These final steps connect our entire application from end-to-end. Now, we need to update our UI code from above so that the response is correctly set.<\/p>\nA technical overview of the solution<\/h1>\n
\n
<\/picture><\/div>\n<\/div>
\n
\n
<\/picture><\/div>\n<\/div>\n<\/figure>\n
\n
\n
\n
\n
\n
ETL: Cleaning the source data<\/h1>\n
import<\/span> boto3\r\nfrom<\/span> skyflow.vault import<\/span> ConnectionConfig, Configuration, RequestMethod\r\n\r\n# Authentication to Skyflow API<\/span>\r\nbearerToken = ''<\/span>\r\ndef<\/span> tokenProvider<\/span>():\r\n global<\/span> bearerToken\r\n if<\/span> is_expired(bearerToken):\r\n return<\/span> bearerToken\r\n bearerToken, _ = generate_bearer_token('<YOUR_CREDENTIALS_FILE_PATH>'<\/span>)\r\n return<\/span> bearerToken\r\n\r\ndef<\/span> processTrainingData<\/span>(trainingData<\/span>):\r\n try<\/span>:\r\n # Vault connection configuration<\/span>\r\n config = Configuration('<YOUR_VAULT_ID>'<\/span>, '<YOUR_VAULT_URL>'<\/span>, tokenProvider)\r\n\r\n # Define the connection API endpoint<\/span>\r\n connectionConfig = ConnectionConfig('<YOUR_CONNECTION_URL>'<\/span>, RequestMethod.POST,\r\n requestHeader = {\r\n 'Content-Type'<\/span>: 'application\/json'<\/span>,\r\n 'Authorization'<\/span>: '<YOUR_CONNECTION_BASIC_AUTH>'<\/span>\r\n }\r\n requestBody = {\r\n 'trainingData'<\/span>: trainingData\r\n }\r\n \r\n # Connect to the vault<\/span>\r\n client = Client(config)\r\n \r\n # Call the Skyflow API to de-identify the training data<\/span>\r\n response = client.invoke_connection(connectionConfig)\r\n\r\n # Define the S3 bucket name and key for the file<\/span>\r\n bucketName = \"clean-data-bucket\"<\/span>\r\n fileKey = \"{timestamp}-{generated-uuid}\"<\/span>\r\n\u200b\r\n # Write the data to a file in memory<\/span>\r\n fileContents = bytes<\/span>(response.training_data.encode(\"UTF-8\"<\/span>))\r\n\u200b\r\n # Upload the file to S3<\/span>\r\n s3 = boto3.client(\"s3\"<\/span>)\r\n s3.put_object(Bucket=bucketName, Key=fileKey, Body=fileContents)\r\n except<\/span> SkyflowError as<\/span> e:\r\n print<\/span>('Error Occurred:'<\/span>, e)<\/span><\/pre>\n\n
CREATE<\/span> OR<\/span> REPLACE TABLE<\/span> custom_training_data (\r\n training_text BINARY<\/span>\r\n );\r\n\u200b\r\nCREATE<\/span> OR<\/span> REPLACE FILE FORMAT training_data_json_format\r\n TYPE =<\/span> JSON;\r\n\u200b\r\nCREATE<\/span> OR<\/span> REPLACE TEMPORARY STAGE training_data_stage\r\n FILE_FORMAT =<\/span> training_data_json_format;\r\n\u200b\r\nCREATE<\/span> PIPE custom_training_data\r\n AUTO_INGEST =<\/span> TRUE<\/span>\r\n AS<\/span>\r\n COPY<\/span> INTO<\/span> custom_training_data\r\n FROM<\/span> (SELECT<\/span> $1<\/span>:records.fields.training_text\r\n FROM<\/span> @ training_data_stage t)\r\n ON_ERROR =<\/span> 'continue'<\/span>;<\/span><\/pre>\nCreating vector embeddings: Customizing our LLM<\/h1>\n
from<\/span> langchain.chat_models import<\/span> ChatOpenAI\r\nfrom<\/span> langchain.embeddings import<\/span> HuggingFaceEmbeddings\r\nfrom<\/span> langchain.embeddings.openai import<\/span> OpenAIEmbeddings\r\n\r\nmodel_id = \"hkunlp\/instructor-large\"<\/span>\r\nembed_model = HuggingFaceEmbeddings(model_name=model_id)\r\nvectorstore = Chroma(\"langchain_store\"<\/span>, embed_model)<\/span><\/pre>\nfrom<\/span> snowflakeLoader import<\/span> SnowflakeLoader\r\nimport<\/span> settings as<\/span> s\r\n\r\nQUERY = \"select training_text as source from custom_training_data\"<\/span>\r\nsnowflake_loader = SnowflakeLoader(\r\n query=QUERY,\r\n user=s.SNOWFLAKE_USER,\r\n password=s.SNOWFLAKE_PASS,\r\n account=s.SNOWFLAKE_ACCOUNT,\r\n warehouse=s.SNOWFLAKE_WAREHOUSE,\r\n role=s.SNOWFLAKE_ROLE,\r\n database=s.SNOWFLAKE_DATABASE,\r\n schema=s.SNOWFLAKE_SCHEMA,\r\n metadata_columns=[\"source\"<\/span>],\r\n)\r\ntraining_documents = snowflake_loader.load()\r\n\r\nvector_store.add_documents(training_documents)<\/span><\/pre>\nqa = RetrievalQA.from_chain_type(llm=ChatOpenAI(temperature=0.2<\/span>,model_name='gpt-3.5-turbo'<\/span>),\r\n chain_type=\"stuff\"<\/span>, \r\n retriever=vector_store.as_retriever())\r\nresult = qa.run(\"What is Project Titan?\"<\/span>)<\/span><\/pre>\nChat UI Input: Preserving privacy of user-supplied data<\/h1>\n
import<\/span> openai\r\nimport<\/span> streamlit as<\/span> st\r\n\r\nst.title(\"\ud83d\udd0fAcme Corp Assistant\"<\/span>)\r\n\r\n# Initialize the chat messages history<\/span>\r\nif<\/span> \"messages\"<\/span> not<\/span> in<\/span> st.session_state.keys():\r\n st.session_state.messages = [\r\n {\"role\"<\/span>: \"assistant\"<\/span>, \"content\"<\/span>: \"Hello \ud83d\udc4b! \\nHow can I help?\"<\/span>}\r\n ]\r\n\r\n# Prompt for user input and save<\/span>\r\nif<\/span> prompt := st.chat_input():\r\n st.session_state.messages.append({\"role\"<\/span>: \"user\"<\/span>, \"content\"<\/span>: prompt})\r\n\r\n# display the prior chat messages<\/span>\r\nfor<\/span> message in<\/span> st.session_state.messages:\r\n with<\/span> st.chat_message(message[\"role\"<\/span>]):\r\n st.write(message[\"content\"<\/span>])\r\n\r\n# If last message is not from assistant, we need to generate a new response<\/span>\r\nif<\/span> st.session_state.messages[-1<\/span>][\"role\"<\/span>] != \"assistant\"<\/span>:\r\n # Generate a response<\/span>\r\n with<\/span> st.chat_message(\"assistant\"<\/span>):\r\n with<\/span> st.spinner(\"Thinking...\"<\/span>):\r\n response = \"TODO\"<\/span>\r\n\r\n message = {\"role\"<\/span>: \"assistant\"<\/span>, \"content\"<\/span>: response}\r\n st.session_state.messages.append(message)<\/span><\/pre>\n<\/picture><\/div>\n<\/div>\n<\/figure>\n
def<\/span> deIdentifyText<\/span>(input<\/span><\/span>):\r\n data = {\r\n \"text\"<\/span>: [\r\n {\r\n \"message\"<\/span>: input<\/span>\r\n }\r\n ],\r\n \"deidentify_option\"<\/span>: \"tokenize\"<\/span>\r\n }\r\n response = client.detect(data)\r\n\r\n return<\/span> response[0<\/span>].processed_text<\/span><\/pre>\ndef<\/span> performCompletion<\/span>(input<\/span><\/span>):\r\n clean_input = deIdentifyText(input<\/span>)\r\n\r\n qa = RetrievalQA.from_chain_type(llm=ChatOpenAI(temperature=0.2<\/span>,model_name='gpt-3.5-turbo'<\/span>),\r\n chain_type=\"stuff\"<\/span>, \r\n retriever=vector_store.as_retriever())\r\n return<\/span> qa.run(clean_input)<\/span><\/pre>\ndef<\/span> performInference<\/span>(input<\/span><\/span>):\r\n response = performCompletion(input<\/span>)\r\n\r\n return<\/span> reIdentifyText(response)<\/span><\/pre>\n# If last message is not from assistant, we need to generate a new response<\/span>\r\nif<\/span> st.session_state.messages[-1<\/span>][\"role\"<\/span>] !=