Hello, idea program manager! 😄 Are you excited about the new feature but concerned about security? Then this article is for you! Here we explain how architecture and security work for the Generative Artificial Intelligence built into the platform. Here’s what you’ll find next:
- High-Level Architectural Vision Diagram of the Solution Infrastructure
- Data Flow
- Security
- Use of Data for Model Training
________________________________________________________________________________________________________________
High-Level Architectural Vision of the Solution Infrastructure
- Web Application: The online user interface where users interact with the generative AI system through the AEVO platform's chat interface.
- Web Firewall: Azure Front Door. A security layer that controls inbound and outbound traffic for the web application, protecting it from external threats.
- Azure App Services: AEVO platform’s application servers.
- Kubernetes Service: A virtualized environment used to run applications (AEVO Model), communicating with Artificial Intelligence models.
- Relational Database: A structured data storage system that maintains AEVO platform information organized in relational tables.
- Enterprise API Open AI: The OpenAI API integrated into the project, providing generative AI functionalities for the web platform, intended for enterprise use.
________________________________________________________________________________________________________________
Data Flow
The generative AI collects and processes data about each innovation campaign on the AEVO platform. The relevant fields are:
- Campaign Description – Text
- Idea Title* – Text
- Idea Description* – Text
- Idea Benefits* – Text
- Additional fields configured by campaign* – Text, Number, and Option Li
*These fields may be configured with other labels. They may vary according to each idea submission form’s field configuration for each campaign.
Next, we will describe the data flow, covering the collection, processing, and storage among the various architecture components.
- The data collection begins with the AEVO platform interface, where the user will interact with the AI through the graphical interface (screens) of the system;
- Given the user's initial input, the AEVO platform will communicate with the AEVO AI model through web APIs, where the information will be pre-processed. After pre-processing, the model will communicate with the Open AI API through prompts;
- The OpenAI API will return information to the AEVO model, which will perform post-processing of the data. After post-processing, the data will be returned to the platform, which will display the result to the users on the system’s screens;
- The generative AI of Open AI will only be used to process the information and deliver the result to the user, without storing any type of initial input;
- At the end of the interaction with the AI, users can submit their idea for evaluation or save it as a draft. The system will persist the information in the relational database.
________________________________________________________________________________________________________________
Security
In this section, we will address the main security issues of the architecture and intelligence models:
Web Application:
- Protected by Azure Front Door Firewall
- HTTPS communication using TLS 1.2 or higher
- Robustness and information security processes.
AEVO Model (Kubernetes Service):
- Ports closed to the web. Exclusive communication with the AEVO Application through encryption keys and TLS 1.2 or higher for data in transit.
Enterprise API Open AI:
- Private API model of AEVO’s Open AI, with methods accessed only with the API key;
- Commitment to compliance, security, and legislation (GDPR). Details: https://openai.com/enterprise-privacy
Encryption:
- All AEVO services will communicate with TLS 1.2 or higher for data in transit;
- TLS 1.2 or higher for the Enterprise API of Open AI.
Threat Protection:
- Web firewall and reverse proxy;
- User-based rate limiting;
- Encryption in transit and at rest;
- Network Security Group (virtual network security groups);
- Real-time monitoring.
LGPD and GDPR (General Data Protection Regulation):
- No personal data is mapped to be collected, processed, or stored by the generative AI integrated into the platform;
- The Open AI enterprise API is GDPR compliant, and it also complies with CCPA, SOC 2, and SOC 3. Details at: https://trust.openai.com/
________________________________________________________________________________________________________________