Several Checkbox products are being powered by artificial intelligence (A.I.). This article is designed to outline Checkbox’s responsibilities these products.
What A.I. products do currently Checkbox offer?
Checkbox has 3 separate products that leverage A.I.:
- A.I. Assistant: An A.I. powered chatbot that provide answers to natural language questions based on a set of documents and workflows containing the body of knowledge on which the chatbot is trained on.
- A.I. Triage Block: A workflow mechanism that matches a user’s natural language query against a set of customizable categories with pre-defined descriptions to direct users to the appropriate determined workflow path.
- A.I. Contract Term Extraction: A mechanism that scans documents uploaded by users in the workflow, and extracts key terms as variables which can be used in reporting or sent to other systems.
Which third-party services are being used by Checkbox to power A.I. products?
Checkbox uses OpenAI’s Large Language Models (LLM) and Embedding models to power its A.I. features.
Where is information stored, and who has access to it?
Customer data is hosted with Australia on Amazon Web Services (AWS) in regions local to our customers. Regions include Sydney Australia, Frankfurt Germany, United States, and Singapore.
Information involved with Checkbox AI products will be stored and accessed by Checkbox and OpenAI. However, data sent to OpenAI is only stored by OpenAI for 30 days to prevent abuse and misuse, and is not retained, nor used for training to improve their models.
This means data sent over to OpenAI is not accessible to any other parties, including publicly accessible models like ChatGPT.
Further, OpenAI has been evaluated by a third-party security auditor and is SOC 2 Type 2 compliant.
Additional information around OpenAI’s API data usage policy can be found here.
What controls does Checkbox have in place to ensure the privacy and safety of the information used in its A.I. products?
Checkbox maintains an Information Security Management System as part of its governance model. We maintain controls across all areas of the company including change management, risk management, data handling, disaster recovery, incident response, and staff training and awareness. Examples of controls include data encryption both in transit and at rest and robust access controls to limit data access to authorized personnel only.
To ensure the robustness of our security and privacy framework, Checkbox is regularly audited by third-party providers through penetration testing and vulnerability assessments, as well as against standards including SOC2, ISO27001, ISO27017, and ISO27018.
Who has access to Checkbox’s A.I. products?
The A.I. assistant feature is restricted to users within the customer’s domain. The conversational experience checks the user’s email and permissions such that no external parties can interact with the A.I. assistant feature.
Checkbox’s A.I. Triage Block and A.I. Contract Term Extraction tool can interface with external users, however, neither feature generates content using A.I. The triage block compares user input to best match against pre-defined descriptions, whilst the contract term extraction feature draws terms directly from the contract sources that are uploaded as part of the workflow.
Can the A.I. products fabricate a response (hallucination)?
Checkbox’s A.I. products are trained on sources provided by you and are specifically instructed to provide answers based on these sources alone. Unlike ChatGPT, this means that the A.I in Checkbox is a closed, private source environment and is unlikely to fabricate a response. To improve accuracy, Checkbox also enables customers to easily self-update these sources and re-train their A.I. products.
As added controls to accuracy, Checkbox provides:
- a mechanism built into the customisation experience that allows A.I. products to be internally tested before being pushed to production.
- fallback mechanisms for each of our products in the event they cannot provide a sufficiently confident output. The A.I. assistant invokes a customizable fallback message. The triage block falls back on a pre-defined output. The contract term extraction tool leaves the terms blank.
- the ability for you to provide their own pre-prompts to customise your A.I. assistants and further reinforce the responses it provides.