I am reviewing our new AI-generated summaries in the Performance dashboard and I am seeing some serious compliance issues. For our financial services interactions, the AI is sometimes including full credit card numbers and personal tax IDs in the summary text. This violates our internal PCI and PII redaction policies. I thought the summarization service was supposed to respect the sensitive data masking settings. Is there a way to enforce stricter guardrails on what the AI includes in the interaction summary?
I inherited our digital messaging setup and I had to fix this exact problem for our billing team. The summarization service uses the raw transcript, not the redacted one that you see in the UI. If your bot or agent does not use the ‘Secure Flow’ for data entry, the sensitive numbers are sitting in the transcript in plain text. You have to ensure that all PII collection happens in a secure flow so it is never part of the transcript that the AI reads.
Ren25 is correct, but there is also a ‘Summary Guardrails’ setting in the Admin menu under ‘AI Services’. You can provide a list of keywords or patterns that the AI should never include in a summary. It is not perfect, but it adds a layer of protection. I have helped a lot of people set this up in the community. You should also check your ‘Dictionary’ settings to ensure the AI knows what a tax ID looks like in your region.
This AI stuff is a nightmare for developers. I am trying to build a bot that handles these summaries and the API documentation is so vague about where the redaction actually happens. If you hit the /api/v2/analytics/conversations/{conversationId}/summaries endpoint, you will see that the JSON payload contains the raw text regardless of your UI settings. You have to write your own regex filter on your back end before you display these summaries in a custom dashboard.
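One way to do the back-end filtering the last post describes, as an added example that is not from this thread or from the vendor: it redacts card numbers (Luhn-checked, so order and ticket numbers survive) and tax IDs from every string field of the summary JSON before it reaches a dashboard. The JSON field names, the US-style tax ID pattern, and the sample payload are assumptions.

```python
import json
import re

# Constructed sample shaped like the summary JSON the post describes;
# the field names are assumptions, not the real API schema.
SAMPLE_PAYLOAD = json.dumps({"summary": {
    "text": "Customer paid with card 4111 1111 1111 1111, tax ID 123-45-6789.",
    "reason": "Billing question, ticket 5550001234",
}})

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN/ITIN shape; swap in your region's tax ID pattern (assumption).
TAX_ID_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: keeps order numbers and ticket IDs from being redacted."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def redact_text(text: str) -> str:
    """Mask PANs that pass Luhn and tax IDs; everything else is left as-is."""
    def card_repl(m):
        digits = re.sub(r"\D", "", m.group(0))
        return "[CARD REDACTED]" if luhn_ok(digits) else m.group(0)
    return TAX_ID_RE.sub("[TAX ID REDACTED]", CARD_RE.sub(card_repl, text))


def redact_payload(obj):
    """Walk every string in the JSON so nested fields cannot leak."""
    if isinstance(obj, dict):
        return {k: redact_payload(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_payload(v) for v in obj]
    return redact_text(obj) if isinstance(obj, str) else obj


def redact_summary_json(raw: str) -> str:
    """Apply to the API response body before it reaches the dashboard."""
    return json.dumps(redact_payload(json.loads(raw)))
```

Run this on the response body of the summaries endpoint, not on the rendered text, so nested or list-valued fields are covered too.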