The GenAI Knowledge Security Platform

Purview provides excellent data governance policies and classification - our tool validates that those policies are properly enforced when users interact with AI assistants. Think of it as continuous testing to ensure your Purview investments are working as intended in real-world AI scenarios.

Purview sets the rules - we help you verify they're being followed. Our tool provides ongoing validation that your Purview classifications and policies are effectively preventing inappropriate AI-powered document discovery.

This does not replace Purview. You should continue to use Purview for data discovery and sensitivity classification. The data discovery process using Purview (and other similar data discovery tools) can take months to complete for a full scan of a large enterprise’s entire file system.

Knostic takes a broad approach with prompts built on a corpus of sensitive business topics for specific user profiles. This approach can accelerate the discovery of sensitive business
content, uncovering 80% of the high priority findings in less than 20% of the time.

AI assistants can surface sensitive information through aggregation, inference, and semantic search that doesn't trigger DLP's pattern-based detection, even when the underlying access should be restricted.

Knostic fills this gap by testing whether AI-powered document discovery and response generation properly respect your existing access controls and data classifications, catching scenarios where AI finds creative ways to surface restricted information that DLP policies weren't designed to anticipate.

DLP protects against known sharing patterns. Knostic discovers unknown, AI-enabled, access patterns that emerge from conversational interactions with enterprise data.

Even without formal data discovery or classification, Knostic provides immediate value by identifying what sensitive information is currently exposed through AI assistants - essentially performing data discovery through the lens of actual user access patterns.

We also support Glean and will be adding more Enterprise AI tools soon.

You would need to be using Microsoft 365 and have a minimal number of Copilot licenses active for testing, but you do not not need to have active Copilot users. Even if you are not intending to use Copilot, this approach can still help accelerate the discovery of sensitive content within Microsoft 365 itself.

Personas can be determined in a number of ways. We recommend that you start with a user given birthright permissions in your organization - an "Everyone" user. Then you can copy select representative users within specific business areas into testing accounts, or create an aggregate persona based on the combined permissions of a team, department, or job function.

You do not not need to have any defined roles to get started. At times program owners feel like they are not ready because they don’t have a robust Identity and Access Management program or fall short in defining roles. As long as you have Department level delineation of users, that’s sufficient to define a profile. Knonstic can also help by beginning an assessment with a user profile that has no permissions at all.

Knostic doesn't sell customer data or share it with partners.

Specifically, Knostic collects document metadata, such as the file name, location, date of creation and last update, the document author, and document summary information that Knostic uses to perform analysis. Analysis provides summary document topics related to the prompt context and contextual recommendations regarding prioritization.