Context

The Council of Europe, keen not to ignore recent developments in Large Language Models (LLMs) such as ChatGPT, has identified numerous potential use cases for automating and accelerating work on textual and documentary content. However, these experiments have multiplied informally, without any security framework or best practices, exposing the institution to risks linked to data confidentiality, reliability of results and regulatory compliance.

Need

Faced with this situation, the Technological Innovation department of the Council of Europe wishes to provide its collaborators with a platform for pooling formalized prompts that address their most frequent needs. Datalchemy has been asked to:

  • Conduct an in-depth audit of the tool used internally with business accounts (architecture, data flow, safeguards, security).
  • Assess the relevance of this platform and LLMs in general to identified business needs (quality information extraction, summary generation, document comparison, use of conversational context).
  • Formulate recommendations to control risks (performance exaggeration, data leakage, non-EU queries) before any large-scale deployment.

Work performed

  • Technical tests on the platform: evaluation of performance, latency and functional coverage.
  • Exchange compartmentalization tests: verification of data isolation between different accounts and contexts.
  • “Jailbreaking” tests: attempts to circumvent restrictions in order to measure vulnerabilities.
  • Administrator prompt extraction: analysis of system instruction transmission and storage mechanisms.
  • Customer usability tests:
    • insertion of invisible content in queries,
    • client/server citation mechanism and source display,
    • identification of security flaws and points of instability in the customer’s system,
    • simulation of requests from IPs outside the European Union.

Results

For reasons of confidentiality, details of the audit cannot be divulged. Nevertheless, the Council of Europe has incorporated our recommendations to:

  • Reinforce exchange compartmentalization mechanisms,
  • Set up procedures for validating prompts and results,
  • Strictly confine the use of LLMs to authorized use cases that comply with the GDPR.

This mission has enabled the Council of Europe to frame its AI experiments and to prepare with confidence for the possible future industrialization of these assistance tools, in complete safety.