ConsultingWorkbench-backed AI security engagements — map, attack, defend, and prove your AI systems.
Scope a Review
aisecurityllc
Log inTake DiagnosticScope a Review
aisecurityllc
Scope a Review

aisecurity.llc

Customer Data & Model Training

What happens to your data when we use AI · aisecurity.llc

The short answer

Your data is not used to train AI models. Neither aisecurity.llc nor the AI providers we use (Anthropic, OpenAI) train models on your data under our API agreements. When AI assistance is used in your engagement, we apply data minimization and pseudonymization before any API call.

Quick Reference

Is customer content used to train aisecurity.llc's own AI models?

We do not train or fine-tune AI models.

Is customer content sent to AI model APIs (Anthropic, OpenAI)?

Only when AI assistance is used in that engagement, with appropriate data handling.

Do AI providers train their models on our API inputs?

Our agreements with Anthropic and OpenAI explicitly prohibit this.

Is confidential client data sent to AI APIs without authorization?

We apply data minimization and pseudonymization before AI API calls.

Can enterprise clients opt out of AI-assisted processing?

Enterprise engagements can specify AI-free processing requirements in their agreement.

Are AI API calls logged for security and audit?

We maintain internal logs of AI API usage for security monitoring and incident response.

1. What We Send to AI Providers

When aisecurity.llc uses AI model APIs in research, platform features, or consulting work, the following types of content may be submitted as prompts or context:

  • Publicly available information (job descriptions, CVE data, research papers, etc.)
  • Internally authored text, outlines, or drafts
  • Aggregated or anonymized security signal data
  • Contextual instructions and system prompts

For consulting engagements where client context is relevant, we may submit:

  • Technical architecture descriptions (pseudonymized where possible)
  • Security requirement outlines
  • Threat modeling scenarios

We do not submit to AI APIs without authorization:

  • Client credentials, secrets, or configuration files
  • Personal data about end users beyond what's necessary
  • Materials marked confidential without applying appropriate scrubbing
  • Penetration testing findings or vulnerability details that could create third-party exposure

2. AI Provider Data Commitments

We use Anthropic (Claude) as our primary AI provider and OpenAI as a secondary provider. Both providers operate API-tier services under terms that prohibit training on API inputs.

Anthropic (Claude)

anthropic.com

  • API inputs are not used to train Anthropic's models under commercial API terms
  • Anthropic publishes a Privacy Policy and Usage Policy
  • Data retention for API calls follows Anthropic's standard API retention policy

OpenAI

openai.com

  • API inputs are not used to train OpenAI's models by default under API terms
  • OpenAI publishes a Privacy Policy
  • We recommend reviewing OpenAI's current API data usage policy for specifics

3. Enterprise Controls

Enterprise clients can specify data handling requirements in their engagement agreement:

  • AI-free engagement: Request that AI model APIs not be used with your confidential materials. Deliverables will be produced by human analysts only.
  • Data handling addendum: Specify additional restrictions on which materials can be submitted to AI providers and which must remain air-gapped.
  • Logging and audit: Request logs of AI API calls made during your engagement for review.

Contact hello@aisecurity.llc to discuss enterprise data handling requirements.

4. AI in Platform Features

The aisecurity.llc Platform uses AI model APIs for certain features (e.g., search assistance, content summarization, lab scenario generation). When you use these features:

  • Your queries and interactions may be submitted to an AI model API as part of the feature operation
  • AI providers process these inputs according to their API terms (no training on inputs)
  • We do not associate AI API calls with your personal identity in ways sent to providers unless necessary for the feature
  • General usage analytics are collected as described in our Privacy Policy

5. Questions

For specific questions about AI data handling in your engagement:

Related policies

AI Usage PolicyResponsible AI PrinciplesSubprocessorsPrivacy PolicyDPA

Customer Data & Model Training · aisecurity.llc · Effective May 19, 2026

← Back to AI Governance