In this video, we will review the security details for the Adobe Experience Platform AI Assistant. Please note that this video is based on the current security fact sheet located at the link on the screen. If there is ever a discrepancy between this video and the current security fact sheet, then the fact sheet takes precedence. AI Assistant and Adobe Experience Platform is a generative AI tool integrated within native applications built on Adobe Experience Platform. Designed to enhance productivity and help users expand product mastery, efficiently navigate enterprise data objects, and simplify tasks while ensuring adherence to the customer’s organization data security standards. AI Assistant and Adobe Experience Platform can answer questions about product knowledge and operational insights. Adobe’s agnostic approach to large language model enables us to choose the best-in-class technology for the task at hand. AI Assistant and Adobe Experience Platform currently leverages Microsoft’s Azure Open AI service to answer both product knowledge and operational insights questions. There are three key components in AI Assistant. The Adobe Experience Platform user interface. Users interact with the AI Assistant by clicking the icon in the upper right-hand corner of the Adobe Experience Platform UI, which reveals a right rail screen with a text box where the users can enter prompts. Generative Experience Models, or GEMs, the primary brains behind AI Assistant and Adobe Experience Platform. The GEMs include foundation and custom models that power AI Assistant use cases. For the details on the specific models, please see the security fact sheet. Data Services. API services invoked by GEMs to query the data stores that contain relevant data. Data in the data stores is organized, pre-joined, and indexed into a knowledge base, which then enables the GEMs to interact with it in an open-ended fashion. To enable a user to access AI Assistant and AEP, the customer’s Adobe admin must grant specific permissions. For real-time customer data platform and Adobe Journey optimized users, the Adobe admin must grant permissions within the permissions UI of the Adobe Experience Platform. For customer Journey analytics users, the Adobe admin must grant permission for the users to access the AI Assistant within the Adobe admin console. For more information, please review the security fact sheet. Data Encryption. In transit, all data is encrypted in transit over HTTPS using TLS 1.2 or greater. At Rest. Any data stored by AI Assistant is encrypted at rest using AES 256-bit encryption. All data is encrypted in transit over HTTPS using TLS 1.2 or greater. Step 1. User opens the AI Assistant and Adobe Experience Platform user interface. Step 2. AI Assistant authenticates the user with Adobe Identity Management Services, IMS, and checks that the user is entitled to use the AI Assistant. Step 3. Users enter a product knowledge type question in the prompt text box. Step 4. AI Assistant UI sends the prompt text to the dialog management GEM, which classifies the prompt into the appropriate question type, product knowledge, operational insight, or out of scope. If the question is in scope for AI Assistant and AEP, the process moves to step 5. If the question is out of scope, the user receives an error message. Step 5. The dialog management GEM checks with the AEP access control service to confirm that the user is entitled to ask product knowledge questions. Questions outside the scope of AEP and its native applications, including questions about other Adobe products such as Adobe Target and the Creative Cloud Suite, cannot be answered by the AI Assistant in AEP. Step 6. If the user is entitled, the dialog management GEM applies a series of content filters to determine if the prompt adheres to Adobe’s generative AI user guidelines. If any part of the prompt violates these guidelines, the user receives an error message. Step 7. The dialog management GEM then sends the prompt text to the product knowledge GEM, which uses semantic search to retrieve relevant snippets of documentation from the product knowledge data service to answer the question. Step 8. The dialog management GEM combines the prompt text with the retrieved snippets of documentation from the product knowledge data service and sends them to the Azure OpenAI service. Step 9. Before sending the formulated answer back to the dialog management GEM, the Azure OpenAI content filtering service moderates generated responses that violate Azure OpenAI user guidelines. Step 10. The product knowledge GEM cross-checks the answers provided by the Azure OpenAI service against the documentation snippets, adds the appropriate citations, and sends the complete answer and citations to the dialog management GEM. Step 11. The dialog management GEM returns the answer and the relevant citations, along with suggested next prompts, to the user in the AI Assistant for Adobe Experience Platform user interface. Now let’s look at the Data Flow Narrative for Operational Insights. Step 1. The user opens the AI Assistant in the Adobe Experience Platform user interface. Step 2. AI Assistant authenticates the user with Adobe Identity Management Service and checks that the user is entitled to use AI Assistant in Adobe Experience Platform. Step 3. User enters an operational insights type question in the prompt text box. Step 4. AI Assistant sends the prompt text to the dialog management GEM, which classifies the prompt into the appropriate question type, product knowledge, operational insight, or out of scope. If the question is in scope for AI Assistant in Adobe Experience Platform, then the process moves to step 5. If the question is out of scope, the user receives an error message. Step 5. The dialog management GEM checks with the AEP Access Control Service to confirm that the user is entitled to ask operational insights questions. Step 6. If the user is entitled, the dialog management GEM applies a series of content filters to determine if the prompt adheres to Adobe’s generative AI user guidelines. If any part of the prompt violates these guidelines, the user receives an error message. Step 7. The dialog management GEM sends the prompt text to the operational insights GEM, which retrieves a customer agnostic schema and sample queries relevant to the current prompt. Step 8. The dialog management GEM combines the prompt text with the customer agnostic schema and sample queries and sends the data to the Azure OpenAI service, which uses the information to formulate an answer. Step 9. Before sending the formulated answer back to the operational insights GEM, the Azure OpenAI Content Filtering Service moderates generated responses that violate Azure OpenAI user guidelines. Step 10. The operational insights GEM applies the relevant permissions on the business objects present in the query using role-based access control and object attribute level access controls. Step 11. The operational insights GEM runs the query in the context of the customer’s operational insights data service and generates an intermediate response, which is typically a single or multiple row table. Step 12. The operational insights GEM sends the query and the intermediate response to the Azure OpenAI service, which generates the natural language description of the answer and provides the natural language explanation of the query. This step-by-step explanation helps the user to verify the query’s accuracy. Step 13. The dialog management GEM returns the answer to the user. AI Assistant in Adobe Experience Platform and Azure OpenAI. AI Assistant in Adobe Experience Platform currently leverages Azure’s OpenAI to answer customer questions. The following data may be passed to Azure OpenAI to facilitate answering product knowledge or operational insight questions. Experience League Documentation. Information related to the page that the user is on. User’s Conversation History. The prompts and answers. The following data may be passed to Azure’s OpenAI to facilitate entering operational insights questions only. The schema of the tables being queried. Example questions with ground truth queries. Attributes within application business objects such as the name, description, and counts. Adobe has disabled logging in Azure OpenAI, helping to ensure that Microsoft does not collect or review any data sent for processing to Azure OpenAI by the AI Assistant in Adobe Experience Platform. More information is available at the Azure OpenAI Data Privacy and Security link. Adobe does not use any customer data to train or fine-tune the Azure OpenAI service. Chat History. Users can access their AI Assistant in Adobe Experience Platform Chat History, including the prompt and answer for 30 days. Chat History is stored in the same data center as the customer’s Adobe Data Storage location. If a customer would like to delete a user’s chat history, they should contact their Adobe Customer Support representative. Data Usage. Adobe uses customer-agnostic annotated data to fine-tune Adobe internal models. For example, the linguistic models for documentation and the operational insights and classifier models for prompt classification or out-of-scope detection. The responses from these models are not shown directly to the users. Data Processing and Storage Locations. Adobe Identity Management Services. Regardless of the geographic location of the customer, all identity data is stored in multi-region, load-balanced, cloud infrastructure providers with data centers located in North America, Europe, and APAC. Identity data is replicated across all data centers for reliability reasons. All identity data is secured at rest using AES 256-bit encryption in compliance with the Adobe Common Controls framework and meets our internal policies for encryption and storage of sensitive data. AI Assistant and Adobe Experience Platform and Azure OpenAI Service. All server-side components of AI Assistant and Adobe Experience Platform and corresponding data storage are co-located in the same region as the customer’s Adobe Experience Platform service infrastructure, which is determined upon initial provisioning. Data sent to the Azure OpenAI Service may be processed in a different data center but located within the same geographical region, per the tables that are in the security fact sheet. Questions. If you have any additional questions about the security posture and capabilities of Adobe Experience Platform, native applications, or AI Assistant in Adobe Experience Platform, please contact your Adobe account manager. For all other questions about Adobe security programs and processes and compliance certifications, please visit the Adobe Trust Center. Also, be sure to bookmark the security fact sheet for Adobe AI Assistant so that you can refer to it in the future.