Security and Trust in the Use of Artificial Intelligence at Pirani
1. Our Commitment to Useful, Safe, and Responsible AI
At Pirani, we understand that by integrating artificial intelligence into our processes, we also take on a significant responsibility. Our commitment is to provide our clients with innovative solutions that are not only effective but also safe, ethical, and fully aligned with data privacy and protection regulations.
We adopt leading industry practices to ensure that AI is implemented responsibly, without compromising the confidentiality or integrity of our clients’ information. AI-driven decisions at Pirani are always under user control, and no interaction involves sharing sensitive data with third parties or using it to train models without explicit consent.
2. AI Features and Architecture
Pirani has incorporated AI into its platform not as a technical novelty, but as a natural evolution of its mission: helping organizations identify and manage risks more quickly, intelligently, and efficiently. To achieve this, we currently offer two core AI-based features, designed under the highest standards of privacy and security.
2.1. Risk Suggestions with ChatGPT (OpenAI)
This feature leverages OpenAI’s language models to provide suggestions on operational, security, compliance, and anti-money laundering risks. The entire process operates without using any confidential client data, ensuring privacy is never compromised. Queries are anonymized and processed with settings that prevent them from being used to train future models. Communication is end-to-end encrypted, and access is restricted according to the principle of least privilege.
2.2. Pirani Copilot (Internal AI Agent)
Copilot is our intelligent assistant, developed using AWS Bedrock technologies. Its role is to help users automatically generate risks, controls, and action plans, supported by a conversational model and a structured knowledge base.
Its design ensures that client information is neither used nor stored outside Pirani’s controlled environment. Thanks to mechanisms such as encryption at rest (KMS), robust authentication (IAM), and content filtering, Copilot provides relevant, contextual responses without jeopardizing confidentiality.
3. Security and Governance Principles
Pirani does not merely build AI capabilities—it does so within a strict framework of security and responsibility. The architectural decisions behind our AI features are guided by principles that prioritize data protection, regulatory compliance, and client peace of mind. This section outlines how we apply these principles in practice.
3.1. Data Encryption and Isolation
Encryption and isolation are managed through:
- Encryption in transit (HTTPS) and at rest (KMS).
- Environment separation (production, QA, development) and AWS account segregation.
- Dedicated databases and resources per client in deployments requiring full isolation.
- Access restricted by the principle of least privilege.
3.2. Information Leakage Prevention
Information leakage is controlled through the following conditions:
- The agent denies requests aimed at exposing confidential data.
- Stored prompts are not used for subsequent model training.
- Content is filtered based on keywords, prohibited topics, and flagged actions.
- "No training" configuration enforced with OpenAI.
- Exclusive use of secure, private infrastructure (AWS VPC, IAM Roles, Secrets Manager).
3.3. Regulatory Compliance
At Pirani, regulatory compliance is a core pillar in the implementation of AI, especially in sensitive environments such as the financial sector. Our practices not only align with internationally recognized standards such as ISO 27001 but are also designed to comply with data protection frameworks like the GDPR, Colombia’s Law 1581, and other applicable regulations in countries where our clients operate.
All interactions with our AI systems occur under robust access controls, end-to-end encryption, continuous monitoring, and strict policies against data retention or reuse without consent. Our privacy policies adhere to the technical guidelines of both OpenAI and AWS Bedrock, ensuring that sensitive data is never used to train foundational models or stored outside Pirani’s secure environment.
We also have advanced auditing capabilities through services like AWS CloudTrail and CloudWatch, enabling full traceability of operations and timely intervention in case of any incident.
4. Transparency and Continuous Improvement
Our AI is not a black box. We continuously monitor its performance, response quality, and security:
- Technical auditing: leveraging tools like AWS CloudTrail and CloudWatch.
- High availability: >95% operational uptime.
- Answer accuracy: regular validations to maintain over 99% relevance.
5. Shared Responsibility
At Pirani, we take full responsibility for ensuring that our solutions are secure and respectful of your data. However, as a user, you also play an active role in the process:
- AI suggests — you decide.
- AI supports — you supervise.
- AI learns from usage — but never accesses your information without consent.
We firmly believe that responsible use of technology requires mutual collaboration.
6. Commitment to Ethical and Responsible AI
Our approach is based on building user trust by ensuring that every interaction with our AI features is transparent, secure, and aligned with values of responsibility and privacy.
We make sure users always know when they are interacting with an intelligent agent, maintaining a high level of clarity at every touchpoint. Copilot and other AI features are designed to support decision-making—never to replace human judgment.
Additionally, user-provided information is never used to train models without prior authorization, and we follow strict review and oversight processes for all processed data. We continuously analyze logs and feedback to improve system behavior—always with the goal of enhancing utility without compromising privacy or trust.
7. Review Our Privacy Policy
This document complements—but does not replace—our Privacy Policy. There, you can learn more about how we manage your data across all Pirani services.