Security and architecture for Automator AI

Find details about data flow, security, and architecture related to Automator AI.

Security

Does Automator AI interact with publicly accessible Large Language Models (LLM)?

Automator AI does not use any publicly accessible LLMs. It accesses Microsoft Azure OpenAI LLMs licensed to Automation Anywhere.

Which external AI services are being used by Automator AI?

Automator AI currently uses Microsoft Azure OpenAI LLMs along-with custom LLMs that are hosted on Amazon SageMaker.

What data is sent from Automator AI to external AI services?

User text prompt is sent to Microsoft Azure OpenAI LLM. Usage Data is sent to both Microsoft Azure OpenAI and Amazon SageMaker. Definitions of Usage Data and Customer DataSee can be found at the following. Data security for Generative AI – FAQ

In which regions are the prompts processed?

Automation Anywhere A360 cloud tenants are mapped to a corresponding Azure OpenAI region. User prompts entered in Automator AI are sent to this mapped Azure OpenAI region for processing. See the following mapping table for reference.

Table 1. Region mapping table
Automation 360 Cloud tenant region Azure OpenAI region (primary) Azure OpenAI region (disaster recovery)
US, LATAM US US
EU, Africa, Middle East EU EU
APJ, India, Singapore Japan Not available
Australia Australia Not available
Canada Canada Not available

Does Automation Anywhere permit vendors to train their LLMs on data from user text prompts submitted to Automator AI?

Automation Anywhere does not allow third-party vendors to store or train LLMs with the prompts or automation metadata sent to them via Automator AI.

How does Automation Anywhere ensure that user text prompts are not used by its vendors to train the vendors’ LLM models or improve vendors’ services?

Automation Anywhere uses Microsoft Azure OpenAI for processing user text prompts. The following guide confirms that incoming prompts to the Microsoft Azure OpenAI models are not stored or used to improve Microsoft services and Automation Anywhere has opted out of abuse monitoring by Microsoft. Azure OpenAI Data, Privacy and Security guide

Does Automation Anywhere train its own AI models with prompts submitted to Automator AI?

Automation Anywhere currently does not use the user text prompts or any other Customer Data for training its own AI models.

Does Automation Anywhere store the prompts submitted to Automator AI?

Prompts submitted by users are currently not stored.

Do any additional vendors have access to data submitted to Automator AI?

See Exhibit C of the following addendum for a list of vendors who have access to Customer Data submitted to Automator AI. The applicable vendors will have Intelligent Automation Co-Pilot for Automators in the Applicable Services column. Data processing addendum (DPA)

Will Automation Anywhere enter into a Business Associate Agreement (BAA) for the processing of Protected Health Information (as defined by C.F.R. § 160.103) (PHI) with respect to PHI, which a customer submits to Automator AI?

Yes. Typically, our BAA is automatically incorporated into our Cloud Automation Agreement. Please reach out to your Customer Success Manager (CSM) or Sales Executive (SE) to check whether you have a BAA in place, and if not, they will get you a copy of our BAA.

Will Automation Anywhere enter into a Data Processing Agreement (DPA) for the processing of Personal Data which a customer submits to Automator AI?

Yes. Typically, our DPA is automatically incorporated into our Cloud Automation Agreement. See, Cloud Automation Agreement. Please reach out to your Customer Success Manager (CSM) or Sales Executive (SE) to check whether you have a DPA in place, and if not, they will get you a signed copy of our DPA. See terms of our DPA in the following. Automation Anywhere DPA Agreement

Architecture

Image illustrates the architecture of Control Room, regional service pod and data.

  • Backend contains AI Orchestration and API Management services.
  • Regional Service Pods are aligned to Control Room regions in AWS or GCP.
  • Each Regional Service Pod is mapped to corresponding Azure OpenAI and AWS SageMaker region-specific endpoints.

Data flow

Image illustrates the flow of data from a user to servers.

1 Usage data includes names and descriptions of process tasks, command packages and command actions.

2 The definition of Usage Data can be found at the following.Data security for Generative AI FAQs