When implementing intent-based navigation with K2BTools, security is a critical aspect that is thoroughly managed to ensure safe and authorized interactions. Here are the key security measures in place:
K2BTools processes responses provided by Globant Enterprise AI and checks security permissions before providing a response. This ensures that any responses correspond to panels for which the user has the necessary permissions.
There may be instances where a user does not have access to certain values of specific parameters. In such cases, the WebPanel generated by K2BTools performs several verifications regarding the parameters. For example, in the case of filters, it checks that the filter values are valid according to the filter's definition and its control info. If there is a control info with a condition, K2BTools will verify that the value stored in the session is one of the valid values according to the condition.
K2BTools does not send any database values to Globant Enterprise AI. The only information sent to Globant Enterprise AI includes the intentions definition, the description of the parameters, and the user's question. This approach ensures that sensitive data from the database is not exposed to the LLM and Globant Enterprise AI.
When a user enters a query and K2BTools intent-based navigation provides a response, the feedback regarding the parameters can potentially lead the user to infer that certain records exist in the database.. To prevent this, parameter domains can be configured in the metadata of the parameter realm in the "FeedbackMessage" property.
For sensitive data, it is recommended to set the "Feedback Message" property to "extracted description." This configuration ensures that the response will use the text entered by the user, thereby avoiding any unintended disclosure of database records.
|