Our Principles
- Human-centered: AI augments people; it does not replace human judgment for consequential decisions.
- Accountable: Every AI feature has a documented owner, purpose, and controls.
- Privacy-preserving: Customer data is treated as customer data — not training material.
- Transparent: Users know when they are interacting with AI and what its limitations are.
- Continuously evaluated: Behavior is measured, monitored, and improved.
Human Oversight
AI outputs are presented as assistive by default. High-impact workflows include explicit human-in-the-loop review, confidence indicators, and easy paths to escalate to a person.
Transparency
Interfaces disclose when AI is involved, which model class is being used at a general level, and what data is being used for the interaction. Documentation is available on request under NDA for enterprise and government customers.
Explainability
Where feasible we surface source references, citations, or the retrieved context underlying a response, and provide guidance about model limitations and known failure modes.
Privacy
AI features are subject to our Privacy Policy. Personal information is processed under the same protections as any other customer data.
Bias Mitigation
We evaluate models for representational and behavioral bias relevant to the use case, apply prompt and retrieval controls to reduce harmful outputs, and provide mechanisms for users to report concerns.
Responsible Model Usage
NISTA selects models based on capability, safety, cost, and data-handling posture. High-risk categories (biometric identification, autonomous decision-making without oversight, deceptive content) are restricted or prohibited by policy.
Customer Data Isolation
Retrieval-augmented generation and fine-tuning workflows are isolated per tenant. Model calls, embeddings, and vector stores are scoped so that one customer cannot influence or read another customer's context.
No Unauthorized Model Training
Customer inputs and outputs are not used to train foundation models operated by third parties. Our provider agreements explicitly disable training on customer content. Customer-scoped fine-tunes are performed only under explicit, written customer instruction.
AI Security
See our Security page for prompt-injection defenses, output filtering, isolation, and monitoring specific to AI workloads.
Governance
An internal AI governance function reviews new AI features prior to launch, tracks incidents, maintains model inventories, and evaluates alignment with the NIST AI Risk Management Framework and applicable law.
