Kentik AI Overview

Kentik AI, including data privacy and security considerations, is covered in the following topics:

• About Kentik AI
• How Does Kentik Use AI?
• Kentik AI Privacy & Security
• Kentik AI Legal Disclaimer

Kentik AI is an umbrella term for a wide range of different AI capabilities infused across Kentik and designed to deliver an improved, enriched, and streamlined user experience in network observability and operations use cases.

Kentik AI is used for the following features of the Kentik platform:

• Query Assistant: The Query Assistant in Metrics Explorer translates natural language questions into a Metrics Explorer query for faster and more natural interaction with NMS metrics data.
• Journeys: Journeys takes the concept of natural language query a step further by providing an AI-assisted conversational user experience purpose-built for the process of troubleshooting and network analysis. Journeys translate natural language questions related to flows and metrics into queries executed in Data Explorer and NMS Metrics Explorer. It is contextually aware of previous queries, allowing you to iterate on your existing query and ask follow-up questions.
• Probable Cause Analysis: On-demand or automatically triggered analysis that finds the most contributing factors for sudden traffic changes, spikes, or drops.
• AI Enhanced Insights: New AI-driven analysis and correlation from across multiples data points and sources to provide valuable information to users in Kentik Insights.
• Summaries: Simple breakdowns of complex network issues with handy solutions and tips, that can be shown in different places in the Portal.

Kentik AI uses GenAI Large Language Model (LLM) services from multiple companies that are leaders in this technology:

• OpenAI models hosted by OpenAI.
• Foundational models from Anthropic, Google, or others hosted by Google Cloud's Vertex AI service.

As described in the following topics, Kentik AI is used In a variety of contexts across the Kentik platform to enable both specific modules and general capabilities:

• Journeys and Query Assistant
• Insights, PCA, and Summaries

For these services, the GenAI service is used to translate user’s questions/queries into a structured format that is executable by Kentik’s Query system:

• Access via API: Kentik uses enterprise API access to our GenAI service provider, meaning information sent to the LLM is not used or retained for further training purposes, per the terms and conditions provided by the LLM services in use. For more information, see Kentik AI Privacy & Security.
• No model training: The GenAI models are not trained or fine-tuned with any data. Kentik uses sophisticated Prompt Engineering techniques, e.g. "few-shot prompting," to improve the accuracy of the results.
• Submitted data: The data submitted in the input to the GenAI service contains the elements detailed below in GenAI Input Data.
  Note: The network metadata used in the prompt can be expanded in the future to improve users' experience with supported questions and accuracy, or development of new features. Any such changes will be documented.
• Journeys query techniques: Journeys uses specific techniques, outlined in Queries for Journeys, to enable responses that are informed by prior prompts.
• Prompt protection: Kentik takes the following precautions to guard against LLM prompt injection:
  - We verify that a valid Kentik query comes back from the GenAI service.
  - We discard responses that don't fit the expected schema and can't be executed by the Kentik query engine.
  - We execute the queries constructed by LLM only in the user context, so they are isolated at the user’s company level, which is also how queries are executed in the Portal UI.
  - Queries are read-only by nature, so there's no risk of injection-type attacks.

The data submitted in the input to the GenAI service contains the following elements:

• User’s Question: A question typed in the Query Assistant or Journeys input prompt.
• Query Context: The names of metrics, dimensions, and measurements used in the Kentik Data Explorer and NMS Metrics Explorer query schema.
• Network Metadata: A small set of relevant metadata about user’s network, currently containing:
  - Site names
  - Site’s countries
  - Site Markets
  - Provider names used in interface classification feature
  - Device Labels (”Labels” used in Kentik portal)
  - AS Groups
  - DDoS Alerting policy names
• Aggregated Data Results: For Journeys, the results returned from each successive user prompt are used to shape the results of the next query as described in Queries for Journeys.

A Journey involves a series of queries in which the response to each successive query is informed by the prompts that have come before. To do this, the system will include the aggregated table results of the previous query. Only the two times Top-X aggregated table results which are visible on the table will be included in the input message to LLM. This feature is used to enrich the user’s communication with the Journeys system, so that the user can ask questions which are related to the results of the previous query. For example, the user can ask to filter the results based on the third row of the table, or to show different metrics for network objects which are presented in the results of the first query.

For AI-enhanced Insights, Probable Cause Analysis (PCA), and summaries, the GenAI service is used to interpret the query or analysis results and to make them more user-friendly. In the future, the GenAI service can also be used in this way for various other purposes (i.e.. additional features and capabilities).

• Kentik performs analysis of the collected network telemetry data using Kentik-developed algorithms, data mining, or machine learning techniques.
• The data is usually related to a certain problem, which can be an anomaly in the network traffic, metric values that are above/below thresholds, or the connectivity path in a public cloud infrastructure.
• The result of such analysis is an aggregated data structure that contains relevant information for the analyzed problem.
• This aggregated data is used as an input that enables the GenAI service to provide a user-friendly explanation of the data and enrich the user experience.

The following topics outline how we ensure that Kentik AI respects the privacy and security of Kentik users:

• Protection of Prompts
• Customer Control of AI
• Privacy & Security Commitment
• Privacy & Security Resources

Kentik keeps the questions submitted by users in Query Assistant and Journeys internally for the purpose of support in troubleshooting problems and improving user experience:

• This activity is handled according to the practices detailed in our Security Overview.
• The input prompt that is submitted to our provider’s GenAI service over “Enterprise API” is handled according to their privacy policies (see Privacy & Security Resources).

The important aspects of the above privacy policies can be summarized as follows:

• Submitted data is not used to train any GenAI model.
• OpenAI may securely retain API inputs and outputs for up to 30 days to provide the services and to identify abuse. After 30 days, API inputs and outputs are removed from their systems unless they are legally required to retain them.
• Google does not store any API inputs or outputs.
• Data is encrypted in transit.
• The OpenAI API platform is certified for SOC 2 compliance.
• The Google Vertex AI platform is certified for SOC 2, ISO 27001 and ISO 27701 compliance.

Kentik customers retain control at all times over the company's access to Kentik AI features, which can be enabled or disabled (default) at the company level by a user with Super Administrator privileges. The Enable Kentik AI switch is found on the portal's Kentik AI settings page, which Super Administrators can access via the Organization Settings menu:

• Enabling Kentik AI will enable the use of Query Assistant, Journeys, and other Kentik AI-assisted features for your company, as described in this document.
• Disabling Kentik AI will disable the use of any Kentik AI related features for your company.

While AI technologies evolve and become more sophisticated, Kentik remain proactive in enhancing our security measures and protocols to ensure the integrity and confidentiality of all customer data. For assistance with any questions on this topic, please contact our Customer Success team.

The following resources provide additional information about privacy and security policies related to Kentik AI:

• Kentik: Security Overview (Kentik Knowledge Base)
• OpenAI: OpenAI's Enterprise privacy policy
• Vertex AI: Google Cloud Vertex AI, Generative AI and data governance.

Kentik's AI features involve sending user queries and limited amounts of contextual info to LLM providers, including OpenAI. We make sure these providers are not allowed to use this data to train or refine their AI systems; however, we encourage all customers to make sure any use of AI is consistent with their corporate policies prior to use. Please be aware that AI may contain mistakes and that use of these features is as-is without any warranties. You are not authorized to use these features unless you agree to these terms. To read more about Kentik's approach to trust & safety surrounding AI features, please see detailed documentation linked above.