Atlan AI security

πŸ’ͺ Did you know? Atlan uses Azure OpenAI Service to power Atlan AI. Atlan does not send any data to the AI service and only uses metadata for supported capabilities. For questions about data security, see below.

Learn more about how Atlan AI processes and stores your data:

What services does Atlan AI use?

Atlan uses Azure OpenAI Service to power Atlan AI. Specifically, Atlan uses GPT-4 Turbo, a large, pretrained AI model.

What data does Atlan send to the AI service?

Atlan does not send any data to the AI service. Atlan only sends metadata for supported capabilities.

For example:

Does Atlan use any metadata or data to train Atlan AI?

No, Atlan does not use your metadata or data for fine-tuning or training AI models.

Is the data processed through Atlan AI encrypted?

Atlan makes HTTPS requests from your tenant, applicable to all supported cloud platforms. The data is encrypted in transit using TLS 1.2, AWS PrivateLink, or Azure virtual network peering. Atlan uses 256-bit Advanced Encryption Standard (AES-256) algorithm to encrypt data at rest.

How does Atlan ensure security development of Atlan AI?

Atlan AI follows OWASP Top 10 that includes application security reviews and Static Application Security Testing (SAST) tools.

Does Atlan AI comply with any governance or legal frameworks?

While Atlan is HIPAA and GDPR compliant, Atlan AI is currently not. As Atlan AI progresses from beta to production stage, compliance will be our key focus.

Does Atlan AI process PII or other sensitive data?

Atlan AI only processes user input and metadata, which typically do not contain PII or sensitive data. However, it is the organization's responsibility to ensure that PII or other sensitive data is not available in the metadata or shared via user input.

What is the data retention policy for Atlan AI?

Atlan does not store any data for Atlan AI.

This is enforced in the following two ways:

  • Atlan has an exemption from Microsoft to not store any data. Keeping data sensitivity in mind, Atlan has opted out of abuse monitoring and human review from Azure OpenAI Service.
  • Only the metadata generated using Atlan AI is cataloged in Atlan.

How does Atlan manage security vulnerabilities for Atlan AI?

Vulnerabilities and incidents are managed in accordance with the existing program and policy.

How does Atlan manage the performance and scale for Atlan AI?

We utilize the scalability of our existing cloud infrastructure while relying on Azure OpenAI.

Related articles

Was this article helpful?
0 out of 0 found this helpful