Credo AI LLM-Powered Features

1. What are the AI-powered features currently available on the Credo AI Platform?

Currently, we have three features available on the Credo AI Platform that leverage a large language mode (LLM)l: 

• AI Use Case Intake with AI Assist: This feature allows users to upload existing documentation about an AI Use Case to automatically populate relevant metadata fields for that AI Use Case, including the Domain and Description fields. The LLM analyzes the documentation to generate a Description of the AI Use Case, and to recommend  Domains from the list of available Domains in the Credo AI tenant.

• AI-Powered Risk Scenario Recommendations: This feature improves the recommendations that the Credo AI Platform provides for specific risk scenarios that are relevant to a particular Use Case. The recommendations are drawn from Credo AI’s database of AI risk scenarios, based on the Use Case information in the platform (e.g., Use Case Description).The recommended risk scenarios are not generated at recommendation time by an LLM.

• AI-Powered Control Recommendations: This feature improves the recommendations that the Credo AI Platform provides for specific risk-mitigating controls that are relevant to mitigate a specific risk scenario. The recommendations are based on mapping the risk scenario to the available mitigating controls in the Credo AI Control Library, informed by Use Case information in the platform. The recommended mitigating controls are not generated at recommendation time by an LLM.

 Several additional AI-powered features are on the near-term roadmap for the Credo AI Platform, including AI-Powered Evidence Validation in Q2.

2. What model and provider is Credo AI using for its AI-powered features?

Currently, Credo AI’s AI capabilities are built on top of OpenAI's foundation models. Depending on the application, we use GPT-4 or GPT-3.5.

3. What data do Credo AI’s AI-powered features take as inputs, and what data is output?

The Document Upload with AI Assist feature takes a document uploaded by the user as the input; these documents can be in the form of PDF or text files. The feature is designed to work best with documentation about an AI system, such as a publicly available product brief from a vendor or an internal Product Requirements Document or Project Document that describes the AI system. The feature outputs a generated Use Case description and Domain recommendations from a predefined list of possible domains. The end user has the ability to edit both of these outputs.

The AI-Powered Risk Scenario and Control Recommendation features take NEED TO BE COMPLETED.

4. Is any customer data used for model training?

No, Credo AI is not currently using any customer data, including model inputs and outputs, for training or fine-tuning LLMs. Customer data will also not be used by OpenAI to train or fine-tune OpenAI’s models.

5. Is any customer data shared with OpenAI?

The data you submit and the responses you receive via Credo AI’s AI-powered features are not used to fine-tune or improve OpenAI’s models or service. Each data request is sent to OpenAI individually, over an SSL encrypted service, to process and send back to Credo AI.

6. What is Credo AI’s customer data retention policy?

Credo AI will retain your customer data during the term of your contract with us. Anonymous customer usage data may be retained by Credo AI indefinitely in order to improve our product. Customers can reach out to Credo AI to request that their data is deleted at any time, but such deletion may impact your use of the Credo AI product.

7. How is Credo AI mitigating the risks of sensitive data or intellectual property (IP) leakage?

Credo AI’s current uses of LLMs  prohibit customers from using  personally identifiable information (PII), so the risk of PII leakage through use of these LLMs is low and dependent on customers’ adherence to the terms and conditions of their contract with Credo AI.

Credo AI has an enterprise license with OpenAI, which prohibits OpenAI from using any of the data submitted via API for training purposes, which limits the risk of IP leakage.

8. Is the Credo AI Platform SOC2 compliant?

Yes, it is. You can request our SOC2 audit report from our team subject to our standard Non Disclosure Agreement.

9. Can I limit or restrict use of Credo AI’s AI-powered features?

All of Credo AI’s AI-powered features will be turned off by default for your instance of the Credo AI Platform; if you would like to make them available to your users, you can reach out to the Credo AI team to turn them on. Once the AI Use Case Intake with AI Assist feature is turned on, any user in your tenant who is an Owner or Contributor on an AI Use Case can use it to upload documentation and get AI-powered recommendations for Use Case metadata.