Setting the stage

AI continues to drive innovation and push boundaries across the industry; with this new productivity power we must continue securing organizational data and ensure we are surfacing risky events including those related to the use of AI.

This now extends to custom built AI applications as they grow in popularity. Based on Microsoft-conducted research, 95% of organizations¹ are planning to or already using and developing AI applications.

Current Challenges

GenAI-nxiety is on the rise for both organization leaders and developers alike. Insufficient visibility into the usage of AI applications & usage of AI against organization policies can result in security and compliance challenges.

Challenges both developers and security administrators alike face.

75% of developer decision makers believe they can prevent unauthorized data exposures but still worry about broader security risks². 65% of both security and developer decision makers have expressed the need to compromise on security controls due to resource constraints². These security risks can be aligned to three primary concerns for both developers and security administrators:

1. The possibility of a user inadvertently leaking sensitive data to AI apps²
2. Users having access to sensitive data they are not authorized to view or extract via AI apps²
3. Users leveraging AI apps to generate unethical or other high-risk content²

As developers begin building an AI app, they not only aim to deliver it quickly but also strive to create a secure and enterprise-ready solution. A natural next step is to embed enterprise-grade data security and compliance directly into their application.

Microsoft Purview SDK

Microsoft Purview helps to enable data security, governance, and compliance in a unifed approach, including the enablement of discovering AI risks, detection and mitigation of oversharing, and supporting governance of AI usage. Whenever you use Microsoft 365 Copilot you see how these protections are integrated first hand.

To extend these capabilities to custom built AI applications we are pleased to announce the Microsoft Purview SDK, now in public preview! The Purview SDK features REST APIs, documentation, and simple to use code examples, making the task of incorporating Microsoft Purview's sophisticated data security and compliance capabilities into your AI apps from any integrated development environment (IDE) easy.

Integrating your AI app with our new Purview SDK REST API will allow the app to push prompt and response-related data into Microsoft Purview, which automatically provides signals to security and compliance teams to support investigations by discovering, protecting, and governing data. Additionally, this code enables Purview to perform inline protection over prompts to identify and block sensitive data from being accessed by the LLM.

When developers integrate the Purview SDK into their AI applications end customers will benefit from the new visibility into their custom AI applications usage, mitigate data exposure risk, and meet new compliance requirements with auditing and eDiscovery capabilities at their disposal.

Thank you to our Partners

During our private preview for the Purview SDK, we were able to gather invaluable insights and feedback on integration scenarios, customer and partner use cases, testing, and validation of the REST APIs helping to prepare for today’s public preview. 

We would like to share two quotes from our private preview members:

“Avanade are extremely proud to be a design partner for the Microsoft Purview SDK, this new innovation from Microsoft has the potential to bring Data Security into Custom Gen AI applications, ensuring they meet organization compliance and align with data security policies as well as providing deep insights that enables detection and response in a space that was previously a black box for security operations.” 

Bob Bruns

Chief Information Security Officer, Avanade

“Embedding the Purview SDKs in our legal and compliance platform enhances AI security and governance of our clients’ data. Organizations can integrate Purview’s governance controls into their AI applications, and require third-party providers to integrate them, creating a single pane of glass to monitor AI usage.”

Jon Kessler

Vice President, Epiq

We would like to thank those mentioned above and all who were involved in our private preview!

Thank you Avanade, Epiq, EY, Infosys, Infotechtion, and Quisitive for your participation and partnership in the private preview

Explore more

As you can see, we have a lot to be excited about and look forward to seeing how YOU take your AI applications to the next level with our Purview SDK.

1. Read more about the Purview SDK and much more from Build
2. Learn how to get started with the Purview SDK

¹ Security for AI Thought Leadership Whitepaper, November 2024

² ISMG First Annual Generative Al Study: Business rewards vs. Security Risks