ACCESS DENIED INC: The First Benchmark Environment for Sensitivity Awareness
This work addresses privacy and access control challenges for LLMs in corporate data management, though it is incremental as it introduces a benchmarking tool rather than a new model or method.
The authors tackled the problem of large language models (LLMs) handling sensitive corporate data by proposing sensitivity awareness (SA) to adhere to access rights, and they developed the ACCESS DENIED INC benchmark environment to evaluate it, revealing significant variations in model behavior for managing unauthorized versus legitimate queries.
Large language models (LLMs) are increasingly becoming valuable to corporate data management due to their ability to process text from various document formats and facilitate user interactions through natural language queries. However, LLMs must consider the sensitivity of information when communicating with employees, especially given access restrictions. Simple filtering based on user clearance levels can pose both performance and privacy challenges. To address this, we propose the concept of sensitivity awareness (SA), which enables LLMs to adhere to predefined access rights rules. In addition, we developed a benchmarking environment called ACCESS DENIED INC to evaluate SA. Our experimental findings reveal significant variations in model behavior, particularly in managing unauthorized data requests while effectively addressing legitimate queries. This work establishes a foundation for benchmarking sensitivity-aware language models and provides insights to enhance privacy-centric AI systems in corporate environments.