Securing Model Parameters
Question: Does the model have controls in place to secure its hyperparameters?
Example: The AI co-pilot uses standard encryption protocols and has built-in access controls to prohibit unauthorized access to parameters. Additionally, it uses zero-knowledge proof techniques to allow certain computations to be performed on the model's parameters without revealing the parameters.
Cost categories: Security & Compliance Costs; Performance & Monitoring Costs

Training on Sensitive Data
Question: Does the model use techniques to minimize exposure from training on sensitive data?
Example: The AI co-pilot uses federated learning, where the model is trained collaboratively without sharing sensitive data, reducing the exposure of confidential information.
Cost categories: Data Labelling Costs; Data Acquisition, Storage and Processing Costs; Security & Compliance Costs; Infrastructure Costs

Input & Output Validation & Sanitization
Question: Does the co-pilot use techniques to filter model inputs and outputs to avoid malicious inputs, harmful content, injection attacks, etc.?
Example: Input data to and output from the co-pilot are validated and sanitized to prevent malicious inputs via mechanisms such as data validation, sanitization, explicit whitelisting, escaping special characters, content moderation, custom filters and human review.
Cost categories: Security & Compliance Costs; Performance & Monitoring Costs

Sensitive Information Storage & Retention
Question: If the co-pilot collects PII or PFI, does it securely store and retain the data for a finite period? Do customers have the capability to have their data forgotten or to adjust retention periods?
Example: The co-pilot uses techniques such as identifying and masking PII / PFI for model fine-tuning and training. Any PII and PFI stored is retained for a year, with a clear opt-out and retention periods that the customer can adjust.
Cost categories: Security & Compliance Costs; Performance & Monitoring Costs

Question: Does the co-pilot use industry standard protocols to secure data in motion / transit and data at rest?
Example: The AI co-pilot leverages TLS 1.2 / HTTPS to encrypt data in motion and AES-256 to encrypt data at rest.
Cost categories: Security & Compliance Costs; Performance & Monitoring Costs

Industry Standard Compliance
Question: Does the co-pilot software follow industry standards such as SOC 2 and GDPR?
Example: Yes, the co-pilot software is SOC 2 Type 2, GDPR and CCPA compliant.
Cost categories: Security & Compliance Costs; Performance & Monitoring Costs

Transparency and Accountability
Question: Does the co-pilot software have the capability to expose an audit trail of its decision making, including events such as the identified customer intent, the systems referenced, citations, etc.?
Example: Yes, the support co-pilot can present an audit trail covering the acknowledged customer request, the classified intent, the knowledge base articles referenced and the recommendation made.
Cost categories: Security & Compliance Costs; Performance & Monitoring Costs
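The input/output validation, PII masking and audit-trail rows above describe one pipeline in a support co-pilot. The following Python is an added example, not code from the original checklist or from any vendor: it assumes a constructed keyword intent classifier standing in for the model, constructed PII/PFI patterns and a constructed knowledge base, and shows how validated and masked input, an explicit intent allowlist and an audit record fit together.

```python
import re
from dataclasses import dataclass, field

# Constructed PII/PFI patterns (illustrative, not from the page); matches are replaced with
# typed placeholders before text reaches the model, the logs or a fine-tuning set.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
ALLOWED_INTENTS = {"billing_question", "password_reset", "order_status"}  # explicit allowlist
INTENT_KEYWORDS = {  # constructed keyword stand-in for the co-pilot's intent classifier
    "billing_question": ("refund", "charged"),
    "password_reset": ("password",),
    "order_status": ("order",),
}
MAX_INPUT_CHARS = 2000

def mask_pii(text):
    for label, pattern in PII_PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

def validate_input(text):
    """Enforce a length limit and strip non-printable characters (newlines and tabs kept)."""
    if len(text) > MAX_INPUT_CHARS:
        raise ValueError("input exceeds length limit")
    return "".join(ch for ch in text if ch.isprintable() or ch in "\n\t")

def classify_intent(text):
    lowered = text.lower()
    for intent, words in INTENT_KEYWORDS.items():
        if any(word in lowered for word in words):
            return intent
    return "unknown"

@dataclass
class AuditRecord:
    request: str                                  # masked request as acknowledged
    intent: str                                   # classified intent
    sources: list = field(default_factory=list)   # knowledge-base articles cited
    recommendation: str = ""                      # recommendation shown to the agent
    refused: bool = False                         # True when the intent was outside the allowlist

def handle_request(raw_text, knowledge_base):
    # Validate and mask the input, enforce the intent allowlist, and return the audit trail.
    request = mask_pii(validate_input(raw_text))
    intent = classify_intent(request)
    if intent not in ALLOWED_INTENTS:
        return AuditRecord(request, intent, refused=True)
    sources = [doc_id for doc_id, doc in knowledge_base.items() if doc["intent"] == intent]
    recommendation = " ".join(knowledge_base[doc_id]["text"] for doc_id in sources)
    return AuditRecord(request, intent, sources, mask_pii(recommendation))  # output masked too
```

The returned AuditRecord is what the transparency row asks the co-pilot to expose: the request as acknowledged (already masked, so the trail itself holds no PII), the classified intent, the knowledge base articles cited and the recommendation.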