Now Assist is reading your records. Has anyone checked what it actually sends to the model?

DmytroD_
Giga Contributor

Most teams enable Now Assist and move on. Few actually check what data ends up in the AI prompt.

 

It reads from live records to build summaries and responses. But it doesn't filter what's in those records first. HR cases, health-related notes, personal customer details, all of it goes into the model. No review, no approval, it just happens.

 

For global deployments, that's a problem. Personal data from regulated markets is hitting an AI layer that was never part of the compliance conversation.

 

How are others handling this before rollout?


mary_lindell
ServiceNow Employee

Data Privacy for Now Assist uses configurable data discovery patterns to anonymize PII before sending any data to the AI model, and is integrated into the Generative AI Controller, so it works with all LLMs configured for use with Now Assist skills. PII data is replaced with placeholder text, so that you achieve a two-way masking of sensitive data.

 

Refer to this community post for more details on protecting sensitive data:

https://www.servicenow.com/community/now-assist-articles/protecting-sensitive-data-in-generative-ai-...

Thanks for sharing the link @mary_lindell, went through it carefully.

 

The masking approach makes sense for structured data like emails, phone numbers, or card numbers. What I'm still thinking through is how it handles unstructured context in the prompt itself.

 

For example, if a case note says "employee is currently receiving treatment in Dubai and needs accommodation support" there is no pattern to catch that. It's sensitive information, but it doesn't look like PII in the traditional sense. The model sees it in full.

 

Do you know if Data Privacy for Now Assist covers this kind of case?
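The point raised in this follow-up, as an added example that is not part of the thread and is not ServiceNow's code: a minimal pattern-based two-way masker, run over a constructed case note that contains the quoted sentence. The patterns, function names, and sample values are assumptions made for illustration.

```javascript
// Constructed patterns for illustration; not ServiceNow's data discovery patterns.
const PATTERNS = [
  { type: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "CARD", re: /\b\d(?:[ -]?\d){12,15}\b/g },
  { type: "PHONE", re: /\+?\d{1,3}[ -]\d{2,4}[ -]\d{3,4}[ -]\d{3,4}/g },
];

// Constructed case note: two structured identifiers plus the sentence from the thread.
const SAMPLE_NOTE =
  "Contact jane.doe@example.com or +971 50 123 4567. " +
  "Employee is currently receiving treatment in Dubai and needs accommodation support.";

// Outbound half: replace each match with a stable placeholder and keep the mapping.
// The audit object counts what was masked, per pattern type, for later review.
function maskPrompt(text) {
  const map = new Map();   // placeholder -> original value
  const seen = new Map();  // original value -> placeholder (same value, same token)
  const audit = {};
  let masked = text;
  for (const { type, re } of PATTERNS) {
    masked = masked.replace(re, (value) => {
      if (!seen.has(value)) {
        audit[type] = (audit[type] || 0) + 1;
        const token = `[${type}_${audit[type]}]`;
        seen.set(value, token);
        map.set(token, value);
      }
      return seen.get(value);
    });
  }
  return { masked, map, audit };
}

// Return half: restore the originals in the model's reply; unknown tokens are left as-is.
function unmaskResponse(text, map) {
  return text.replace(/\[[A-Z]+_\d+\]/g, (token) => map.get(token) ?? token);
}

const { masked, audit } = maskPrompt(SAMPLE_NOTE);
console.log(masked); // identifiers become placeholders; the treatment sentence is unchanged
console.log(audit);  // counts cover only what a pattern matched
```

The audit counts show only what the patterns matched, so free text that no pattern matches does not appear in them; finding it means comparing the masked prompt itself against the record.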

DmytroD_
 
Since names are masked and the sentence is not associated with a person, I do not believe it would be considered as personally identifiable data. However, you can review the logging and auditing from the AI Guardian to give your auditing and security teams visibility into data that is sent or masked. This can be helpful for further refining your sensitive data patterns.
 
Additionally, your data exposure is very limited in that your AI workloads are securely sent using Transport Layer Security (TLS) 1.2 from your ServiceNow instance to one of three centralized ServiceNow compute hubs (datacenters with GPUs for AI workloads), where the AI prediction processing takes place. The data used to generate the response is deleted from the compute hubs after the response has been generated. The result is then returned to the ServiceNow instance. The input and output data isn’t cached or stored on the compute hub and is transient.
 

Thanks for clarifying that, makes sense. The combination of masking plus the AI Guardian logging gives a lot more visibility than I initially assumed. Appreciate you taking the time to explain it.