AI Use Policy
This policy outlines the principles and guidelines for the use, development, and deployment of Artificial Intelligence (AI) within Axxemble and the systems we develop, including BaseFortify.eu.
1. Responsibility
We are dedicated to upholding the highest standards in the use, development, and deployment of AI systems. Our commitment includes:
- Avoiding the use of AI systems in ways that could harm individuals, discriminate against any groups, or perpetuate societal inequalities.
- Following ethical guidelines that prioritize fairness, diversity, inclusiveness, transparency, and accountability in AI system development and deployment.
- Actively working to identify and mitigate biases in AI systems.
- Ensuring compliance with privacy and security principles in the design, development, use, and implementation of AI systems.
- Using only reputable AI tools that meet our security and data protection standards and adhere to the ethical and legal requirements outlined in this policy.
- Recognizing the limitations of AI and ensuring staff use their judgment when interpreting and acting on AI-generated results and recommendations.
- Encouraging staff to stay informed about advances in AI technology and potential ethical concerns.
2. Accountability
We are committed to ensuring that the development and use of AI systems comply with applicable rules, guidelines, and legal frameworks. This includes:
- Complying with applicable laws and regulations related to AI, including the EU AI Act and GDPR.
- Implementing and maintaining robust data security measures to safeguard information against unauthorized access, breaches, or misuse.
- Ensuring the integrity and security of AI models and algorithms to prevent tampering or malicious use.
- Continuously monitoring AI systems for potential security threats and responding to all confirmed incidents.
3. Transparency
We respect the privacy of individuals and are committed to ensuring users understand when and how AI systems are used. This includes:
- Providing clear, understandable, and transparent notices about the use of AI in our systems.
- Striving to enhance the user experience and understanding, ensuring alignment with user expectations.
- Offering users the choice to opt out of AI for functions that can also be performed manually.
- Collecting and using only the data necessary for the AI system to function properly, adhering to the principle of data minimization.
- Establishing robust and clear data retention policies and responsible data handling procedures.
- Maintaining human oversight in AI-powered decision-making processes, particularly in sensitive or ethically complex situations.
- Allowing users to challenge the use or outcomes of AI systems.
4. Approved AI Providers
To align with our commitment to ethical AI, data sovereignty, and compliance, Axxemble and BaseFortify.eu currently use the following AI providers:
- Mistral AI: Used for tasks such as CPE extraction, vulnerability analysis, and CVE Q&A in BaseFortify.eu. Mistral AI was selected for its alignment with European data sovereignty standards, transparency, and compliance with GDPR and the EU AI Act. Its open-source approach and European base ensure that data processing remains within EU jurisdictions, minimizing exposure to non-EU data transfer risks.
All AI providers are evaluated based on their adherence to our ethical, security, and compliance standards. We reserve the right to update this list as we adopt new tools or discontinue the use of existing ones.
5. Additional Guidelines
See also the UK NCSC Guidelines on Developing AI Systems Securely. These guidelines are to be applied in line with this policy.