Back to Blog
Back to Blog

February 14, 2024

5 min read

Building a Privacy-First AI for Incident Management

Bringing AI into the game, Rootly isn't just playing it safe with privacy; we're setting a new standard. Discover the fusion of cutting-edge AI with uncompromised privacy in incident management

JJ Tang
Written by
JJ Tang
Building a Privacy-First AI for Incident Management
Table of contents

Building a Privacy-First AI for Incident Management in Slack

At Rootly, we're integrating AI into incident management with a keen eye on privacy. It's not just about tapping into AI's potential; it's about ensuring we respect and protect our customers’ privacy and sensitive data. Here's a quick overview of how we're blending innovation with strong privacy commitments.

Image feature the several AI features Rootly offers

The Importance of Privacy in Incident Management

Logs, unstable services, impacted accounts, security incidents, and more are all brought together when resolving an incident. This is great because with more data, the team can understand the incident and resolve it faster.

Introducing AI makes perfect sense. It cuts through the info overload, helping teams quickly catch up and tackle incidents by suggesting titles, root causes, and the right people to help. Plus, once everything's resolved, AI crafts a recap for the team. It streamlines the whole process, saving valuable time and effort.

However, incidents are a sensitive matter. So much so that we offer the possibility of declaring an incident as private, such that not even your engineers find out what's going on: only a select group of people have visibility over it in a private Slack channel. Consider, for example, a security breach: you need to address it with the utmost urgency but in the most discreet way possible.

Thus, privacy is a core-feature of incident management. And when we built our AI features, we designed them through a privacy-centric approach.

Our Privacy-Centric Development Approach

In building our AI capabilities, we focus on several key areas to ensure privacy:

Privacy by design

From the outset, our system architecture embodies the privacy-by-design principle. This means you can choose to opt in or out of AI at any time you want, specify the data you want processed, and for which outcomes.

Choose how much of your Slack data AI have access to

We’ve implemented privacy controls that lets you specify which incidents AI can assist with and which data it has access to. It doesn’t have to be all-or-nothing with Rootly and AI: partial-disclosure, full-disclosure, no-disclosure. You choose. Select up to which specific messages on Slack are subject to AI processing.

Screenshot of the controls to specify which Slack messages are used for AI

Data scrubbing

Recognizing the critical nature of the information involved, we scrub all personally identifiable information (PII), secrets, and other sensitive data before any AI processing. This safeguard is a cornerstone of our privacy-first approach, ensuring that AI's benefits do not come at the cost of compromising sensitive information.

Choose which exact AI features to work with

Not everybody needs the same AI features, or you may want to ensure a human goes through a specific process. With Rootly you can turn on or off the specific features that you want. Want people to be able to catch up with AI but prefer to have the root cause identified by a person in your team? Sure thing, toggle features as you need them.

Screenshot of the controls to specify which features to turn on

Protecting against knowledge leakage

We're mindful of the potential for AI models to inadvertently learn from and share sensitive data. To prevent this, we're partnering with enterprise-grade OpenAI solutions that ensure customer data remains private and isn't used for model training.

Bring your own AI

We offer the option for customers to use their own OpenAI accounts and select your preferred GPT model, providing an extra layer of security and peace of mind.

Conclusion: Prioritizing Privacy in AI Integration

In creating our privacy-first AI for incident management, we're really putting our all into striking the right balance between advanced tech and solid privacy protections. It's all about giving users the reins, tightening up data security, and picking AI partners wisely. We're on a mission to boost incident management without cutting corners on privacy. For us, valuing privacy goes way beyond ticking boxes for compliance—it's a core principle that drives our product development forward.