This topic will explore how to create AI Guardrails in Automation 360. AI Guardrails act as a crucial safeguard, ensuring the responsible use of AI and protecting sensitive information during bot execution.

To create a guardrail in the Control Room:

Note: A preconfigured default guardrail is automatically created for new customers with the required license. This default guardrail can be assigned to folders, or you can create custom guardrails by following the instructions in this topic.

Procedure

  1. In your Control Room environment, navigate to AI > AI Guardrails and click + to create a new AI Guardrails.
  2. In the Create guardrail screen, configure these General settings:
    1. Name: Provide a name to easily identify the AI Guardrails.
    2. Description (optional): Add a short description defining the AI Guardrails.
    3. Click Next to go to the Data masking rule section.
  3. In the Data masking rule section, set up the data masking rules for all Task Bots and AI Skills . You can configure these rules and assign them to folders, ensuring any bot in that folder automatically follows the masking behavior.
    1. Mask all categories: Select this option to enable data masking for all out of the box known sensitive data categories and types. Selecting this option provides a comprehensive approach to data protection by automatically masking any sensitive information detected in prompts and model responses.
    2. Choose the categories and types for which you wish to change data treatment. Categories and types not listed will be masked by default.: Selecting this option provides ability to customize how the AI Guardrails system handles sensitive data.
      1. Click Create a rule to start creating a rule
      2. Select a Category of sensitive data type.
      3. After you pick a Category, select one or more of the following types:
        Personally Identifiable Information (PII):

        PII encompasses any data that can be used to identify an individual. The following types are included:

        • Vehicle Identification number
        • Social Security number
        • Email address
        • IP address
        • Uniform resource locator
        • Person
        • Address
        • Organization
        • Driver's license number
        • Fax number
        • Phone number
        • Vehicle registration number
        • Select all
        Payment Card Industry (PCI):

        PCI data pertains to credit and debit cards, including:

        • Credit card number
        • Bank account number
        • Select all
        Protected Health Information (PHI):

        PHI includes any health-related data that can be used to identify an individual, such as:

        • Medical record number
        • Health beneficiary number
        • License number
        • Death date
        • Discharge date
        • Start date of hospitalization
        • Media access control number
        • Insurance number
        • Health account number
        • Date of birth
        • Select all
        Note: The sensitive entities such as, PII, PHI, PCI, identified within prompts are masked by replacing them with non-sensitive tokens so that they are not exposed to the LLMs. These tokens are replaced when model responses are received to reconstruct them with the original values. The sensitive entities and the tokenized values are securely stored within a vault and retained only for 30 days.
      4. Select the Guardrail behavior
        • Mask: A reversible process where sensitive data is temporarily replaced with a tokenized value. The original data is retrieved and reinstated in the LLM's response before being presented to the user.
        • Anonymize: An irreversible process that permanently replaces sensitive data with a token. The original data is not stored or used to reconstruct the response to the user, making it suitable for scenarios with strict data retention prohibitions.
        • Allow: For specific use cases requiring access to sensitive data, you can choose to allow the data to be sent to the LLM in clear text.
    3. Click Add.
    4. Click Next to proceed to the Assign to folders section.
  4. In the Assign to folders section, select the folders in the public workspace. The AI Guardrails will apply to all the Task Bots and AI Skills within the selected folders.
    Note:
    1. Single guardrail per folder: Only one guardrail can be applied to each folder.
    2. Inheritance for child folders: If a parent folder within the Bots folder has a guardrail assigned to it, all its child folders will automatically inherit the same guardrail.
    3. Parent folder selection: When assigning AI Guardrails, you can only select parent folders within the Bots folder. Child folders cannot be individually assigned AI Guardrails.
  5. Click Create to complete creating the guardrail.

    You will get a system-generated success message stating that your guardrail was created. You will get directed to the AI Guardrails screen displaying a list of AI Guardrails

    You can View guardrail, Edit guardrail, or Delete each guardrail by clicking on the ellipsis next to them. Additionally, the table displays the Folder assigned to, Last modified date/time, and Modified by for each guardrail.

    View, Edit, Delete AI Guardrails

    Actions Function
    View guardrail

    Guardrail details give you a summary view of the guardrail.

    General settings displays the name, description, Data masking, and assign to folders settings.
    Edit guardrail Lets you edit the guardrail details.
    The Edit button is enabled for the Automation Admin only.
    Note: Users, such as the Pro Developer, and Citizen Developer, with the AI STUDIO > View AI Guardrails permission, would be able to see details of the AI Guardrails but not edit it.
    Delete

    Clicking on Delete displays a message asking for your confirmation and then deletes the guardrail. You will get a message confirming the deletion.

    If you delete a guardrail, all AI Skills and automations in the folder referencing the deleted guardrail will not have any AI Guardrails assigned to it.

    The Delete button is enabled for the Automation Admin only.
    Note: Users, such as the Pro Developer, and Citizen Developer, with the AI STUDIO > View AI Guardrails permission, would be able to see details of the AI Guardrails but not delete it.

Next steps

Upon creation, AI Guardrails automatically enforce on all automations within a specified folder. As these automations execute, the AI Governance dashboard will provide insights into the applied data masking techniques and the identified toxicity levels. The dashboard logs also include a column for AI Guardrails.