Security and architecture for Automator AI
- Última actualización2024/10/03
Security and architecture for Automator AI
Find details about data flow, architecture, and security related to Automator AI.
The Control Room acts as the central hub and is crucial for managing, monitoring, and deploying bots, playing a significant role in the flow of user data. When users interact with Automator AI, their text prompts and other relevant data are first received by the Control Room. This data is then processed and sent to external AI services for further analysis and response generation. Specifically, user text prompts are sent to Microsoft Azure OpenAI LLMs, while usage data can be sent to both Microsoft Azure OpenAI and Amazon SageMaker.
Data flow
The data of text prompts are sent from Automator AI to the Microsoft Azure OpenAI LLM. Usage data can be sent to both Microsoft Azure OpenAI and Amazon SageMaker. Definitions of Usage Data and Customer Data can be found in the following reference. See Data security for Generative AI – FAQ
1 Usage data includes names and descriptions of process tasks, command packages and command actions.
2 The definition of Usage Data can be found at the following.Data security for Generative AI FAQs
Architecture
- Backend contains AI Orchestration and API Management services.
- Regional Service Pods are aligned to Control Room regions in AWS or GCP.
- Each Regional Service Pod is mapped to corresponding Azure OpenAI and AWS SageMaker region-specific endpoints.
Security of data across AI services
- Large Language Models (LLM) and external services
- Automator AI accesses licensed LLMs from Microsoft Azure OpenAI to Automation Anywhere and does not use any publicly accessible LLMs. External AI services used by Automator AI include Microsoft Azure OpenAI LLMs and custom LLMs that are hosted on Amazon SageMaker. Automation Anywhere does not allow third-party vendors to store or train LLMs with the prompts or automation metadata sent to them via Automator AI.
- Region mapping of data for external services
- Automation Anywhere A360 cloud tenants are mapped to a specific corresponding Azure OpenAI region. This regional mapping ensures that data is processed within the appropriate geographical boundaries, adhering to local data privacy regulations. User prompts and data entered in Automator AI are sent to this mapped region for processing by Azure OpenAI. See the following mapping table for reference.
Feature | Automation 360 Cloud tenant region | AI Models host region (primary) | AI models host region (disaster recovery) |
---|---|---|---|
|
US, LATAM | US | US, EU |
EU, Africa, Middle East | EU | ||
India, Singapore | Japan | ||
APJ | South India | ||
Australia | Australia | ||
Canada | Canada | ||
|
US, LATAM, EU, Africa, Middle East, APJ, India, Singapore, Australia, Canada | US, EU | US, EU |
Policies and agreements
Automation Anywhere ensures that user data is not used by vendors to train their LLMs or improve their services. Microsoft Azure OpenAI is used for processing user text prompts, and according to the Azure OpenAI Data, Privacy, and Security Guide, incoming prompts are not stored or used to enhance Microsoft services. Automation Anywhere has also opted out of abuse monitoring by Microsoft. See,Azure OpenAI Data, Privacy and Security guide
- Customer data and training AI models
-
Automation Anywhere currently does not use the user text prompts or any other Customer Data for training its own AI models. Prompts submitted by users are currently not stored.
- Vendor access
- For a comprehensive list of vendors who have access to Customer Data submitted to Automator AI, refer to Exhibit C of the Data Processing Addendum (DPA). The applicable vendors will have Intelligent Automation Co-Pilot for Automators in the Applicable Services column. Data processing addendum (DPA)
- Cloud Automation Agreement
-
For the processing of Protected Health Information (PHI) (as defined by C.F.R. § 160.103), our Business Associate Agreement (BAA) is automatically incorporated into our Cloud Automation Agreement . Please reach out to your Customer Success Manager (CSM) or Sales Executive (SE) to check whether you have a BAA in place, and if not, they will get you a copy of our BAA. See, Cloud Automation Agreement.
- Data Processing Agreement (DPA) for personal data entered in Automator AI
- Our DPA is also incorporated into our Cloud Automation Agreement. Please reach out to your Customer Success Manager (CSM) or Sales Executive (SE) to check whether you have a (DPA) in place, and if not, they will get you a signed copy of our DPA. See terms of our DPA in the following. Automation Anywhere DPA Agreement