HCLTech AI Force is engineered for security and governance

Our AI-powered solution suite for software engineering and IT operations employs a three-pronged data security strategy that addresses infrastructure, inbound and outbound systems.
 
Publish Date
5 min read

How is data kept secure with AI Force?

The platform employs a three-pronged data security strategy covering infrastructure, inbound data and outbound data.

Infrastructure security:

  • Network security: AI Force employs firewalls, intrusion detection systems and other network security measures.
  • Physical security: It protects data centers and hardware from unauthorized access.
  • Disaster recovery: We implement robust backup and recovery plans to safeguard data against loss.

Inbound data security:

  • AI Force consumes enterprise data in the form of embeddings. These embeddings can be generated using on-prem embedding generation models. On-prem LLM models reside completely within secure network boundaries and have no interaction outside the network. Post-embedding generation, data will be stored in OpenSearch (a NoSQL database), which is secure by design.

Outbound data security:

  • Enterprise data needs to be sent to LLMs to generate meaningful output. AI Force will apply filters that address data privacy concerns, PII, anonymization, banned strings, illegal actions, violence, etc.
  • Open-source LLMs like Meta LLaMA3 will be deployed within the client’s network boundaries, ensuring security compliance.

How does the AI Force platform scale based on users or the volume of activities?

AI Force is flexible and can operate as a standalone system or in a distributed multi-node environment. This scalability allows for load-balanced deployments to handle increased workloads.

How does AI Force safeguard against malicious output or hallucination?

We implemented several strategies within the AI Force platform to mitigate the risks of malicious output and hallucinations:

Preventing malicious output

  • Robust filtering: Employing advanced filters to detect and block sensitive and harmful content, such as PII, banned strings, secrets, violence and discriminatory language.
  • Content moderation: Implementing human-in-the-loop systems for reviewing and approving generated content

Preventing hallucinations

  • Data grounding: Anchoring LLM model responses to enterprise data to provide necessary context to a generic response, thereby reducing the likelihood of hallucinations
  • User feedback: Incorporating user feedback to identify and correct hallucinated output

Additional considerations

  • Transparency: AI Force provides a disclaimer with AI-generated content for easy identification
  • Regular audits: Conducting ongoing assessments to identify and address potential issues in the AI-generated content

By combining these approaches, AI Force can significantly reduce the risk of malicious output and hallucinations, enhancing the platform's overall safety and reliability.


How does the AI Force platform recover in case of a node failure?

The AI Force deployment team employs a combination of strategies to ensure application and platform recovery in case of node failures:

Redundancy and high availability (infrastructure level)

  • Load balancing: Distributing traffic across multiple nodes to prevent overload on any single instance
  • Replication: Creating copies of data and applications across different nodes for failover
  • Clustering: Grouping multiple nodes for increased reliability and fault tolerance

Continuous monitoring

  • Monitoring systems: Continuously tracking the health of nodes and detecting failures

AI Force aims to minimize downtime, protect data integrity and ensure continuous application and platform availability.

How can the AI Force platform be patched and maintained as new versions are available?

Currently, AI Force version upgrades require manual intervention. However, the process is designed to be seamless and does not impact customer data in any way.

The engineering team is developing a patch-based upgrade system to enhance user experience and simplify the update process. This approach reflects AI Force's commitment to improving its platform and providing users with a more efficient update mechanism.

What vulnerability assessment tests have been run on the AI Force source code?

AI Force undergoes comprehensive vulnerability testing:

  • Code vulnerabilities: The entire codebase is scanned using MEND to identify and rectify security flaws
  • Licensing compliance: For each AI Force release, all third-party packages are assessed for licensing issues
  • Package updates: Third-party packages are regularly checked for the latest versions and vulnerabilities during release