Security and architecture for Automator AI

Find details about data flow, architecture, and security related to Automator AI.

The Control Room acts as the central hub and is crucial for managing, monitoring, and deploying bots, playing a significant role in the flow of user data. When users interact with Automator AI, their text prompts and other relevant data are first received by the Control Room. This data is then processed and sent to external AI services for further analysis and response generation. Specifically, user text prompts are sent to Microsoft Azure OpenAI LLMs, while usage data can be sent to both Microsoft Azure OpenAI and Amazon SageMaker.

Data flow

The data of text prompts are sent from Automator AI to the Microsoft Azure OpenAI LLM. Usage data can be sent to both Microsoft Azure OpenAI and Amazon SageMaker. Definitions of Usage Data and Customer Data can be found in the following reference. See Data security for Generative AI – FAQ


Image illustrates the flow of data from a user to servers.

1 Usage data includes names and descriptions of process tasks, command packages and command actions.

2 The definition of Usage Data can be found at the following.Data security for Generative AI FAQs

Architecture

Image illustrates the architecture of Control Room, regional service pod and data.

  • Backend contains AI Orchestration and API Management services.
  • Regional Service Pods are aligned to Control Room regions in AWS or GCP.
  • Each Regional Service Pod is mapped to corresponding Azure OpenAI and AWS SageMaker region-specific endpoints.

Security of data across AI services

To ensure the security of user data, Automation Anywhere employs several measures. Automation Anywhere ensures secure and efficient data processing by mapping cloud tenants to compliant regions, and strictly prohibiting third-party vendors from accessing user data for training purposes.
Large Language Models (LLM) and external services
Automator AI accesses licensed LLMs from Microsoft Azure OpenAI to Automation Anywhere and does not use any publicly accessible LLMs. External AI services used by Automator AI include Microsoft Azure OpenAI LLMs and custom LLMs that are hosted on Amazon SageMaker. Automation Anywhere does not allow third-party vendors to store or train LLMs with the prompts or automation metadata sent to them via Automator AI.
Region mapping of data for external services
Automation Anywhere A360 cloud tenants are mapped to a specific corresponding Azure OpenAI region. This regional mapping ensures that data is processed within the appropriate geographical boundaries, adhering to local data privacy regulations. User prompts and data entered in Automator AI are sent to this mapped region for processing by Azure OpenAI. See the following mapping table for reference.
Tabla 1. Region mapping table
Feature Automation 360 Cloud tenant region AI Models host region (primary) AI models host region (disaster recovery)
  • Autopilot
  • Suggest Next Actions
US, LATAM US US, EU
EU, Africa, Middle East EU
India, Singapore Japan
APJ South India
Australia Australia
Canada Canada
  • Co-Pilot for Automators
  • Generative Recorder
US, LATAM, EU, Africa, Middle East, APJ, India, Singapore, Australia, Canada US, EU US, EU

Policies and agreements

Automation Anywhere ensures that user data is not used by vendors to train their LLMs or improve their services. Microsoft Azure OpenAI is used for processing user text prompts, and according to the Azure OpenAI Data, Privacy, and Security Guide, incoming prompts are not stored or used to enhance Microsoft services. Automation Anywhere has also opted out of abuse monitoring by Microsoft. See,Azure OpenAI Data, Privacy and Security guide

Customer data and training AI models

Automation Anywhere currently does not use the user text prompts or any other Customer Data for training its own AI models. Prompts submitted by users are currently not stored.

Vendor access
For a comprehensive list of vendors who have access to Customer Data submitted to Automator AI, refer to Exhibit C of the Data Processing Addendum (DPA). The applicable vendors will have Intelligent Automation Co-Pilot for Automators in the Applicable Services column. Data processing addendum (DPA)
Cloud Automation Agreement

For the processing of Protected Health Information (PHI) (as defined by C.F.R. § 160.103), our Business Associate Agreement (BAA) is automatically incorporated into our Cloud Automation Agreement . Please reach out to your Customer Success Manager (CSM) or Sales Executive (SE) to check whether you have a BAA in place, and if not, they will get you a copy of our BAA. See, Cloud Automation Agreement.

Data Processing Agreement (DPA) for personal data entered in Automator AI
Our DPA is also incorporated into our Cloud Automation Agreement. Please reach out to your Customer Success Manager (CSM) or Sales Executive (SE) to check whether you have a (DPA) in place, and if not, they will get you a signed copy of our DPA. See terms of our DPA in the following. Automation Anywhere DPA Agreement