Immuta's AI Features

AI-powered Immuta features

AI platform and data processing

Data privacy with AI-powered features

Immuta’s AI-powered features currently leverage AWS Bedrock as the foundational model to simplify specific administrative functions related to managing the Immuta product and data access policies. The features use metadata within Immuta, specific to the service, to create insights or recommendations. Immuta metadata includes the following:

  • Any tags you place on tables/views or columns, either automatically or manually

  • Any groups or attributes you have assigned to users (not including usernames)

No data is transmitted, processed, or stored by the foundational model, shared with model providers, or used to improve the base models.

Immuta has reviewed the AI features with its AI governance team, including its Office of the CISO, applicable legal counsel, and DPO. Immuta AI features process only metadata, specifically attribute names, group names, and tag names, which will never be specific enough to contain personal data when following Immuta best practices. As such, data privacy and data protection laws such as GDPR and CPRA would not apply. Immuta's platform enables users solely to control access to their own data. For example, users could provide a natural-language description of the type of data access control policy they would like to create in Immuta, and the Immuta AI feature would output a logical expression for the policy to be implemented in the Immuta platform. Users are informed that they are interacting with an AI system.

Data protection with Policy explainer

The Policy explainer uses AWS Bedrock foundation models to generate mock data and a summary of the behavior of a policy. The AWS Service Terms and AWS Bedrock User Guide indicate that AWS and external parties, including Anthropic, cannot access either the prompts or completions and do not use them to train models. The AWS Bedrock user guide also states that prompts and completions are not stored.

Furthermore, the Policy explainer does not query or store any of your actual data. The only data sent to AWS Bedrock is the policy definition (configured by the user) in JSON. This policy definition only contains metadata, specifically attribute names, group names, column names, and tag names, which will not be specific enough to contain personal data when following Immuta best practices.

Finally, the Policy explainer does not activate, deactivate, or change the content of any policy; those changes are always made manually by the policy author.

Data protection with review assist

Review assist utilizes AWS Bedrock Anthropic Claude models to generate the justification. The AWS Service Terms and AWS Bedrock User Guide indicate that AWS and external parties, including Anthropic, cannot access either the prompts or completions and do not use them to train models. The AWS Bedrock user guide also states that prompts and completions are not stored.

Review Assist is not designed to query or store any of your actual data. It only leverages metadata, specifically user attribute names, group names, request form responses, and human-entered justifications from past determinations, which will not be specific enough to contain personal data when following Immuta best practices. The review assist recommendation calculation occurs on the Immuta SaaS platform; only the metadata relevant to that recommendation is sent to Bedrock to generate the justification, and that metadata is not tied to a specific user.

Finally, review assist does not automatically make determinations on your behalf. The determination is proposed for human review before being applied, and a user must apply the determination before it takes effect.
