- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Most teams enable Now Assist and move on. Few actually check what data ends up in the AI prompt.
It reads from live records to build summaries and responses. But it doesn't filter what's in those records first. HR cases, health-related notes, personal customer details, all of it goes into the model. No review, no approval, it just happens.
For global deployments, that's a problem. Personal data from regulated markets is hitting an AI layer that was never part of the compliance conversation.
How are others handling this before rollout?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Data Privacy controls are designed to address this concern. Customers need to enable and configure these controls through the Now Assist Admin Console.
Please refer to the attached screenshots for additional details. Before a request is sent to the LLM, the Generative AI Controller performs a pre-processing step that identifies and masks sensitive information based on the configured Data Privacy policies.
For example, when a user clicks the Incident Summarization button, the Incident Short Description is included as part of the prompt because it is a required input for the skill. If the short description contains a phone number, the Data Privacy policies will detect and mask it (for example, replacing it with "xxxxxxxxxx") before the prompt is sent to the ServiceNow Compute Hub for processing.
This ensures that sensitive data is protected and not exposed to the underlying LLM. Please review the screenshots for a detailed walkthrough of the configuration and behavior.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Thanks for the screenshots @Vamsi_Krishna07, it makes it much clearer how it works.
One thing I noticed looking at the patterns list is that they all cover structured data. Numbers, codes, identifiers. But what about a case note where someone just wrote something like "employee is dealing with a serious health issue and needs extended leave in Saudi Arabia"? No numbers, no codes, just plain text. Would the policy pick that up?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
@DmytroD_ - We have a Sensitive Data Detection capability that can be enabled through the Now Assist Admin Console settings. Once these policies are configured, if an employee engages with the AI on a sensitive topic, the conversation will be automatically routed to an available live agent instead of being handled by the AI. As per my knowledge it's available in Now Assist for VA, but not sure about how Now Assist deals with sensitive data phrases detected in case description or short description.
Please refer to below screenshot for VA policies:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Thanks for the detailed explanation and the screenshot. The Sensitive Data Detection capability is something I wasn't aware of, good to know it exists for VA. Your point about case descriptions is exactly what I was wondering about too, so curious to see if anyone has clarity on that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sunday