GPT‑5.2 is reshaping enterprise workflows: Box reports massive speed gains as the new model rewrites its OCR pipeline. Aaron Levie says the generative AI boost is just the start for cloud productivity. Curious how a language model can turbo‑charge document processing? Read the full story. #GPT5_2 #BoxAI #OCRrevolution #EnterpriseAI
🔗 https://aidailypost.com/news/gpt-52-lifts-workflows-box-sees-performance-jumps-model-rewrites-ocr
I'm now pretty convinced that box AI does (at least sometime) leak information.
A copy of the two chats and my test file is at https://mvpa.blogspot.com/2025/03/fun-with-box-ai-information-leakage.html
Evidence: in session 1 with a file I told box AI that the "white" subjects were "silly" and that the ages were given in days. In session 2 (four days later, different computer, different network) I started a new box AI session with the file, and it answered "how old are the silly subjects in years?" with the "white" subject ID codes, and converted the ages from days to years without being given those details again.
The box AI chats do not reproduce exactly every time, even with the same questions about the same file. But that it ever "remembered" things like "silly = white" across sessions (and users, in tests with colleagues) is deeply concerning in my context of protecting participant privacy.
Here's an update on my attempt to determine how concerned to be about the privacy and security of our data now that my employer added Box AI.
I'm most worried about information "leaking" from one AI session to another, so decided to test for that. Spoiler: info did seem to be retained over time and users.
For the tests I used a text file with an interview_age column in months, though that it's months isn't given in the document.
In the first box AI chat, when I asked "how old are the participants in years?", as expected, it reported the values as given in the interview_age column (e.g., that one participant was 458 years old). I then told the AI that "the ages in the
document are in months. how old are they in years?", after which it (reasonably) divided by 12 to convert.
The test was whether, in later sessions, box AI would "remember" that the age column was in months and report the age in years after dividing by 12 without being told to do so.
In our tests, that is what happened: the box AI usually converted the ages correctly first try in later sessions, both when I queried the same document from different computers (my wustl.box account but on different days and networks), and when two colleagues opened their first AI session with a newly-shared copy of the document.
It'll be interesting to hear what our IT folks think, but I am getting less and less confident in box for sensitive data.
Box AI revolutioniert Ihr Dokumentenmanagement
- Automatisierte Dokumentenverarbeitung
- Nahtlose Integration für KMUs
- Effizienzsteigerung im Büroalltag
#ai #ki #artificialintelligence #kuenstlicheintelligenz #BoxAI #dokumentenmanagement #mittelstand
Anyone know about box AI and sensitive documents? I am dubious that it is secure (or useful), but recently WashU enabled it.
After a few messaging rounds trying to get details about what the Box AI button does, the wustl IT folks sent this: "Yes, the HIPAA protections are still in place with the BOX-AI application.
Box AI securely engages an external AI provider to compute embeddings from these text chunks and the user’s question. Advanced embeddings models, such as Azure OpenAI’s ada-02, are utilized for this purpose. Let’s peek behind the curtain on this step, and see what all is done as part of Computing embeddings:
a. Secure data transfer: The embeddings computation involves an end-to-end encrypted network API call to one of Box supported AI providers (GCP, Azure, based on which AI model is being used).
b. In-memory processing: The AI provider processes the data in memory without storing any data in logs or writing it to disk, preventing any permanent record of the document. We take precautions to ensure our providers do not save the data during processing. [...]
c. Rapid processing: [...] after which the query, the answer and any context from the document is purged from the AI provider’s memory.
d. Data use assurance: AI model providers never use the customer data for training any of their models nor for logging any information."
Should I be relieved and tell my colleagues box AI is ok? Or move all our sensitive data from box?
I asked the #wustl IT folks if there were plans to implement #BoxAI, as we have sensitive human research data stored in box.
IT replied that there are currently no plans to enable the #AI, and that no changes would be made that violate #HIPAA compliance. I asked that they update their guidance accordingly, but have not seen it yet.
I suspect this is only the very start of #cloud-related human-subjects research #privacy issues.
Last Friday I (and everyone else at #WashU?) got an email from #box announcing "The all-new Box AI." The university box storage is described as #HIPAA compliant and encrypted when stored (https://it.wustl.edu/items/box-summary-of-terms-and-conditions/), which sounds good.
But the "related to providing file storage services" restriction sounds like it would allow #BoxAI, since that is described as improving access to the institution's files stored in box. (https://www.box.com/ai). I'll be asking our IT for clarification.
Data ownership – The ownership for all documents stored in the Box environment is the same as in an internally hosted environment. Washington University in St. Louis has the ability to access and retrieve data to support normal business operations, respond to legal requests, and to recover data and services. Data access and use by the […]
AI Daily Post
Jo Etzel
KINEWS24
AlternativeTo