When using the AI Assistant, your risk data is sent to an external AI provider. MTC Skopos includes a built-in anonymization layer to protect sensitive information.
How it works
- Before sending data to the AI, sensitive fields are replaced with placeholders
- The AI analyzes the anonymized data and produces its response using placeholders
- Placeholders are replaced back with real values client-side before displaying
The AI never sees the original values for anonymized fields.
Anonymizable fields
| Field | Placeholder | Default |
|---|---|---|
| User IDs | u_1, u_2, ... | Anonymized |
| Role Names | r_1, r_2, ... | Anonymized |
| Composite Roles | c_1, c_2, ... | Anonymized |
| System Names | s_1, s_2, ... | Anonymized |
| Permission Values | v_1, v_2, ... | Not anonymized |
| Full Names | fn_1, fn_2, ... | Anonymized |
| Departments | dp_1, dp_2, ... | Not anonymized |
| HR Functions | hf_1, hf_2, ... | Not anonymized |
| Locations | lo_1, lo_2, ... | Not anonymized |
| User Groups | ug_1, ug_2, ... | Not anonymized |
Configuring anonymization
Go to Settings > AI Assistant > Anonymization to choose which fields to anonymize.
- Enable Preview Anonymization to see exactly what data is sent to the AI before each request
- Toggle individual fields on or off based on your data sensitivity requirements
If a field appears not anonymized in the message preview, select the field and apply anonymization via the displayed menu
Recommendations
- Keep User IDs, Role Names, and System Names anonymized when using cloud-hosted providers
- Permission values (transaction codes, authorization objects) are generally safe to leave visible as they are technical identifiers
- For maximum privacy, enable anonymization on all fields
- When using a self-hosted or local model, you may disable anonymization entirely