Doppler Logo
Dec 04, 2024
8 min read

How we’re using generative AI

Chandler Mayo Avatar
Chandler Mayo
Senior Developer Advocate, Doppler
How we’re using generative AI

We pride ourselves on helping engineers securely handle sensitive data like API keys and certificates. One of the most disruptive advancements we’ve encountered is generative AI. From creating content to enhancing developer workflows, AI is shaping how teams work—but it also presents unprecedented security challenges.

This blog will explore how we use AI at Doppler to empower teams, improve efficiency, and avoid potential risks. We’ll also dive into our established practices to ensure AI is utilized responsibly without compromising the trust our customers place in us. Let’s uncover how AI transforms secrets management and why security should always remain a priority.

The double-edged sword of generative AI

Generative AI is undeniably a game-changer. It allows companies to move faster, automate tasks, and iterate on ideas with unparalleled speed. We recognize the incredible potential this technology offers—whether it’s for drafting content, analyzing data, or even helping engineers prototype solutions. However, alongside these benefits comes an inherent risk: the security implications of AI.

Generative AI has introduced new ways for bad actors to exploit systems. For example:

  • Phishing attacks: AI can now generate highly targeted phishing emails that mimic legitimate communications, leveraging scraped data to tailor messages specifically to individuals. This increases the likelihood of success, making traditional training less effective.
  • Ransomware evolution: AI can help customize and automate ransomware attacks, targeting organizations in ways that exploit their specific vulnerabilities.
  • Jailbreaking AI models: Many companies unknowingly deploy AI models that can be manipulated to reveal sensitive data or bypass intended safeguards.

We’re acutely aware of these risks, so we approach generative AI cautiously. While AI can enhance productivity, mitigating its potential for exposing secrets or introducing vulnerabilities in critical systems is crucial. Next, let's look into how individual teams at Doppler use generative AI and their security concerns.

How our engineering team navigates AI

As the team responsible for building Doppler, our engineers approach AI with heightened caution. We are a trusted security tool, and preserving that trust means implementing AI thoughtfully and ensuring it aligns with our rigorous standards.

Where AI fits in engineering

While the engineering team avoids using generative AI in application logic due to the sensitive nature of secrets management, they have identified specific areas where AI can provide value:

  • Writing tests: AI assists in generating boilerplate test cases, saving time while allowing engineers to focus on refining and verifying complex functionality.
  • Prototyping scripts: For simple tasks like writing scripts in Bash or automating repetitive processes, AI helps generate initial drafts. Engineers then review and tweak the output to ensure it meets performance and security standards.

Why do we avoid AI in core application logic?

For critical systems like ours that handle secrets, the risks of generative AI outweigh the benefits. AI-generated code may introduce subtle vulnerabilities or patterns that can lead to data leaks. Examples include:

  • Logging sensitive information like API keys inadvertently.
  • Misconfigured behaviors that seem correct at first glance but fail under scrutiny.

Generative AI flips the development process. It determines how the service behaves, and you go back to correct it. This approach risks missing critical issues, especially when security is paramount.

The security-first mindset

To ensure security, the engineering team operates with explicit rules:

  1. No AI in production logic: Generative AI is not used for backend services, frontend code, or API layers that handle secrets.
  2. Thorough review of AI output: Even for simple scripts and tests, engineers meticulously review the code to confirm it behaves as expected and does not introduce vulnerabilities.
  3. Security team consultation: Any new tool, AI included, is vetted by our security team before adoption.

By carefully limiting where and how AI is used, our engineering team maintains the integrity of Doppler while still benefiting from AI’s time-saving capabilities in non-critical areas.

How our marketing team leverages AI

At Doppler, our marketing team has embraced AI to supercharge efficiency and creativity. For a small, agile team responsible for driving traffic, generating signups, and supporting sales, AI has become a valuable assistant. It helps tackle tasks that would otherwise require significant time and resources.

Here’s how our marketing team uses AI:

  • Content creation: Generative AI assists in brainstorming and drafting copy for social media posts, email campaigns, and other materials. It helps get the team to focus their energy on refining and personalizing content.
  • Data synthesis: AI enables rapid analysis by aggregating data from sources like third-party review sites and marketing performance metrics. For instance, AI tools can extract themes and trends from user reviews or identify patterns in website analytics—work that previously took days or weeks can now be done in minutes.
  • Idea generation: Whether exploring new campaign concepts or identifying user pain points from customer feedback, AI acts as a virtual brainstorming partner, sparking ideas that align with the team’s objectives.

Prioritizing security in marketing

While AI is a powerful tool, the marketing team takes data security seriously. Clear guidelines ensure no sensitive or identifiable information, such as customer names or financial metrics, is shared with AI systems. As our Head of Go-to-Market, Amber Britten, aptly said, “Anything you wouldn’t want read aloud in a courtroom shouldn’t go into an AI tool.”

How our sales team uses AI

The sales team at Doppler focuses on building relationships with customers, from evaluating whether Doppler fits their needs to ensuring long-term success. Generative AI has become a helpful companion, enabling the team to handle tasks more efficiently without compromising the trust and security our customers expect.

Here’s how the sales team leverages AI:

  • Email drafting: AI is used to ghostwrite email drafts and reach out to customers. By inputting high-level themes and organizational context, the team generates initial drafts that can be tailored to resonate with prospects, ensuring each message feels personalized and relevant.
  • Meeting summaries: The team captures detailed notes from customer calls using AI-powered transcription tools. These tools summarize discussions and provide full transcripts, streamlining internal follow-ups and improving collaboration across departments.
  • Research and Insights: AI tools like Perplexity.ai assist with market research and competitive analysis, helping the team gather information quickly and identify actionable insights.

Security considerations in sales

Like other departments, the sales team is diligent about safeguarding data when using AI. No personally identifiable information (PII), such as customer names or email addresses, is ever included in prompts. Instead, the team uses company-level information to ensure security while providing enough context for AI to generate useful output.

By maintaining a narrow and thoughtful approach to AI use, the sales team ensures that their work benefits from increased productivity without exposing sensitive data.

Final thoughts: Balancing innovation and security

We see AI as both a powerful tool and a potential risk. It can transform workflows, enhance productivity, and accelerate innovation across every team. From marketing to sales to engineering, AI helps us accomplish more with fewer resources and sharper insights. But with this power comes responsibility.

As a security-first company, we approach AI with the same rigor that defines everything we do. By setting clear boundaries, establishing thoughtful policies, and continuously educating our teams, we ensure that AI’s benefits never come at the expense of security. Whether safeguarding customer data, preventing accidental leaks, or staying ahead of threats like AI-enhanced phishing attacks, we remain vigilant in protecting what matters most.

Generative AI is here to stay, and its rapid evolution means the rules will continue to change. The key is not to fear this change but to embrace it with care and consideration. By balancing innovation with security, companies like us can leverage AI responsibly and stay ahead in a competitive landscape.

We hope this look into how we use AI inspires you to think critically about how your organization approaches this transformative technology.

If you want to learn more about our secrets management platform, try a free demo.

Enjoying this content? Stay up to date and get our latest blogs, guides, and tutorials.

Related Content

Explore More
Self-hosted vs. managed secrets: Which scales better for modern infrastructure?
Security
Self-hosted vs. managed secrets: Which scales better for modern infrastructure?As security needs increase, secrets management solutions are called on more frequently than ever before.
Read More
Why software engineers are resistant to change
DevRel
Why software engineers are resistant to changeCultivating a culture of continuous learning and adaptation is vital to staying relevant and competitive
Read More
Secrets sprawl in GitHub repositories
Security
Secrets sprawl in GitHub repositoriesLearn about secrets sprawl, its impact on development, how it leaks secrets into GitHub repositories, and tips for prevention
Read More

Enter the new era of secrets management

Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.

Start for FreeGet Demo