I'll take a stab at "Also, how secure is Genie AI?" since I've dug into this for our own uses. There aren't many moving parts to Genie, it's really just a fine-tuned LLM and the rest is the same stuff you use in your notebooks.
The most insecure part of Genie I could find is that it uses serverless compute, and serverless compute is hosted in Databricks' tenant, not yours. This means for a brief period of time, the prompt and metadata exist in the memory of a VM hosted outside your realm. Per the docs, serverless compute nodes are isolated from one another but to me there is an "ick factor" when I make the statement "our data never leaves our environment" to the business and then I have to explain this technicality to InfoSec.
Genie itself does not access any of your data directly. The prompt and your metadata are sent to the Genie model, which then generates a SQL statement. This SQL is then executed on the serverless compute engine against the data stored in your tenant, same as if you were using a notebook or DLT job with serverless compute.
The LLM behind Genie is currently the Azure Open AI Model, which is Microsoft's hosted version of the LLM behind ChatGPT, and Databricks opted in to "exemption from abuse monitoring and human review program, under which Microsoft does not store any prompts and completions sent to the Azure OpenAI service" (see Work with an AI/BI Genie space - Azure Databricks | Microsoft Learn). If you're on AWS or GCP I'd expect the models are different but I didn't check.
My reply here is what I understand at this time, but security is fight club so solid answers are difficult to come by.
