The Andi Copilot Early Adopter Program: The Technology Behind a Trustworthy Copilot
This is part two of our ongoing blog series chronicling Q2’s Andi Copilot Early Adopter (EA) Program. Part one explained the origins of Andi and the Andi Copilot Platform, and outlined the goals of the EA program, which is intended to validate new use cases for Andi Copilot in commercial lending and beyond.
Reminder: If you’re interested, there’s still time to participate in the EA program. Just click on the button below to sign up.
In early discussions with our EA customers, the overwhelming feedback has been that compliance, data security, and privacy aren’t just checkboxes—they’re foundational product considerations that must be built into all AI products.
In the current AI landscape, privacy, security, and compliance start with your technology architecture. That’s why in part two of our series, we’ll explore a few of the essential technology components for any copilot, some of the criteria we considered, and the specific technologies we’ve chosen for Andi Copilot to make sure it’s secure and compliant.
Cloud Providers
In modern development, your cloud provider is the essential foundation to almost every downstream technology decision you or your vendors will make. Your cloud provider manages your computing resources, storage, and networking capabilities; it provides the tools and platforms you’ll use to develop, test, and deploy applications; it sets the standard for security, data handling, and compliance certifications to meet organizational and regulatory requirements; and it plays an important role in the cost structure and scalability of your overall technology stack. Many cloud providers also now offer their own preferred Large Language Model (LLM), so cloud provider and LLM choices are closely intertwined.
Common cloud providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Each offers its own unique capabilities in the categories mentioned above.
Our pick: Amazon Web Services (AWS)
After a review of our options for Andi Copilot, we selected AWS. Most of our development processes today use AWS—their data centers and networks are built to meet the highest quality and security standards. We—and our customers— know their tools and trust their security.
AWS also offers the broadest range of additional services that help us further ratchet up security and scalability to meet the needs of our highly-regulated space; for example, we use Amazon Elastic Container Service which enables our product to scale efficiently as the needs of our business grow—meaning surges in usage should not impact system availability.
Through rigorous experimentation, we also came to believe that AWS’s LLM capabilities were best suited to our needs, but we’ll unpack our LLM journey in a future blog.
Security and Privacy
The range of security tools available in the market is almost too broad to cover. We believe that when it comes to security, the same protocols and requirements you use today for your data and technology are a great baseline for AI tools as well.
For our team, we’re fortunate to have a strong set of global security technology requirements in place for any product we ship to our customers. So, for Andi Copilot, we were able to take advantage of the same “bank tough” security controls, services, and capabilities that are required for essentially all Q2 products. In the case of Andi Copilot, that gave us a significant speed-to-market advantage because we didn’t start from scratch when it came to security and compliance.
That’s not to say there aren’t GenAI-specific privacy concerns. One we hear often from our customers is the concern that data never be shared in a public tool (like the publicly available ChatGPT)—and we’ve taken specific measures to guarantee that data stays safe and private. We’ll focus on those here.
Our pick: the same tools and protocols we use across the Q2 suite, with a few special considerations…
To start, Andi Copilot utilizes several of AWS’s security features: private networks, security groups, encryption at rest and in transit.
As part of our commitment to our customers, we must ensure that client data never leaves the designated client's database and data is encrypted and protected by strict access policies. Here’s how AWS helps us achieve this:
- Appropriate segregation – Segregating the Andi Copilot allows us to isolate our application from any other applications—and even other Q2 products—effectively acting as firewalls.
- Identity and Access Management (IAM) - On top of firewalls, we also make sure software components are identified and that a set of strict permissions are assigned to it. Just because a service can read a piece of data, that doesn't mean it has the rights to delete it, for example. AWS IAM makes sure we have control of every action our system can take.
- Certificate Manager - We use AWS-provided certificates to make sure every communication, even those happening within our private network, is properly encrypted, using Transport Layer Security (TLS).
- Key Management Service - We use cryptographic keys to encrypt data at rest.
- Cognito - This is Amazon's user authentication layer. Every user can log in knowing they are using AWS’s most up-to-date security standards.
In addition to these specific tools and controls, we also simply don’t use any data to train LLMs, ensuring that all information from our customers remains confidential and solely within customer control.
In Summary: What Makes Andi Copilot Secure
What we want you to see, in sharing our architecture journey, is that we’ve put a lot of energy into choosing technologies that put data security and privacy at the forefront of our product design. From our trusted cloud provider, AWS, to the many security tools and protocols we use, we’ve built Andi Copilot to ensure your data stays as safe as it does across Q2’s product portfolio.
Next Up
In the next few installments of our Andi Copilot EA Program series, we will share our journey in selecting the best LLM for our specific use cases. We’ll also share our process of building the right tool for the job—that is, how we’ve designed and fine-tuned a copilot tailored to our customers’ specific use cases, including the lessons we learned and the key features that emerged along the way.
Join the Program
Come along with us on this exciting journey to develop the next generation of bank-centric tools. To learn more about the Andi Copilot Early Adopter program and how your institution can get involved, just <<fill out this form>> and we’ll be in touch!