AI Principles

BlueVoyant's AI Principles

Artificial intelligence (AI) has been embedded into BlueVoyant’s managed security and risk operations since day one. Grounded in a decade of real investigations – and sharpened across every false positive, edge case, and shift handoff – our philosophy remains the same: use AI to strengthen security decision clarity and consistency, not to chase speed or autonomy alone.  

Developing AI at BlueVoyant

Our AI technology is engineered to uphold operational trust in the environments we defend daily. 

  1. We prioritize accuracy, safety, security, and privacy throughout the design, development and deployment of our AI products. 
  2. We strive to design, develop and deploy AI products that treat people fairly. 
  3. We aim to design, develop and deploy AI products that are reliable and that help empower people to make efficient, informed, and socially beneficial decisions. 
  4. We maintain appropriate accountability measures for our AI products. 
  5. We implement practices intended to make our use of AI explainable. 

Governing and Securing AI at BlueVoyant

BlueVoyant’s internal AI governance policies are aligned with industry standards and benchmarked regularly.  

Frequently Asked Questions about AI Use at BlueVoyant

  1. Does BlueVoyant use customer data to train AI models? 
    No. BlueVoyant strictly prohibits the use of customer data to train underlying AI models or any third-party AI systems. Our AI capabilities do not self-train and are only shaped by human input across real investigations. Any tuning using customer data happens strictly within their environment – not through autonomous model retraining or opaque vendor pipelines.
  2. How does BlueVoyant ensure AI doesn’t take unauthorized actions? 
    BlueVoyant develops our AI with a bounded‑autonomy model. Agentic and Generative AI tools operate within deterministic rules and human‑defined playbooks, so AI never operates independently or makes final determinations on security incidents. Any new or updated logic is human‑validated and tested for 30 days before release, and analyst oversight is required for any containment or response step.
  3. How do you keep AI decisions transparent and explainable? 
    Every AI‑supported workflow includes a clear decision trail. Customers can see what was analyzed, why the model reached a conclusion, and how recommendations were generated. AI audit logs are available for export and follow the same retention policy as the platform’s operational logs.
  4. How does BlueVoyant manage security risks introduced by AI? 
    We apply strict technical and operational controls, including penetration testing, vulnerability scanning, access controls, encryption in transit and at rest, and continuous monitoring. All agentic and generative AI usage occurs through dedicated APIs with trusted cloud providers, such as Microsoft Azure and Google Cloud Platform.
  5. What frameworks guide your AI governance? 
    Our governance program aligns with ISO and NIST cybersecurity standards, Google’s Secure AI Framework (SAIF), and SOC 2 requirements. Policies are reviewed regularly by our Information Security Management Committee. 
  6. Is BlueVoyant compliant with the EU AI Act? 
    Yes. BlueVoyant is in compliance with the EU AI Act requirements currently in force, including those related to prohibited practices and AI literacy. We are also actively preparing for the additional requirements coming into effect on 2 August 2026, when the majority of EU AI Act obligations become applicable. Based on our existing control environment, we expect to be compliant upon applicability.