Administration Guide

Appendix C - Customer opt-in for generative AI features

Purpose

Feature opt-in enables select generative AI capabilities designed to enhance insights and productivity within our platform. These capabilities operate within secure and controlled environments that respect customer data privacy and security.

Fortinet is committed to Responsible AI Usage.

Enablement and Control

  • Generative AI features are disabled by default.

  • Only administrators can enable or disable these features for an account. Once enabled, the feature will be available to all users in the account.

  • Consent status, the user, and timestamp will be retained for compliance tracking.

  • Customers can revoke consent at any time.

Revocation of consent

When consent is revoked:

  • The feature will be disabled for all users of the account.

  • Customer data will no longer be accessible to any model involved in the feature’s AI system.

Privacy by Design

Our AI systems are architected with privacy and security at the core. Models run within our controlled infrastructure, and customer data never leaves it. Models are not trained on customer usage, ensuring your information remains private and isolated.

GenAI System Transparency

The FortiCNAPP AI Assist GenAI capabilities do not train on any customer data.

For all GenAI Features, there will be an opt-in toggle for each feature dedicated to consent for that feature alone. The opt-in toggle will be accompanied by an AI Transparency document. This document will have details on how GenAI models are deployed as well as how data is handled and protected. It will also detail the architecture of the system to ensure no data leakage beyond the customer’s data governance.

By consenting to one of these features, you are consenting to the use of your environment's data relevant for use within this feature’s AI system.

Data Handling

We adhere to strict data protection and governance principles:

  • Data Use: Only the data necessary to deliver the AI feature’s function will be used.

    • The exact data used will be available in the AI Transparency Notes for each feature.

    • The data used is the same data that is processed in non-AI systems that are the source of information provided by the FortiCNAPP security product.

    • For FortiCNAPP, this data is usually:

      • Cloud Audit Logs

      • Agent Telemetry

      • Code scans

      • Resource Scans

      • Vulnerability repositories

      • Threat Indicators

  • Access: Only authorized personnel within our infrastructure can access this data.

  • Storage: All processing and storage occur within our secured environment.

  • Retention: Data is retained only for the duration required for feature performance, which is a maximum of 90 days.

  • Governance: Customer data will not be shared or used for training third-party models or systems.

  • Data Privacy Protection: Customer data will be protected in accordance with any contractual obligations between you and Fortinet.

AI Feature Consent and Data Processing Agreement

The Base FortiCNAPP AI Assist GenAI capabilities do not train on any customer data.

By enabling this AI feature, you provide informed consent and acknowledge the following:

Your Authority and Responsibility

  • You confirm that you have the necessary organizational authority to make data processing decisions for your company's security data.

  • You are authorized to bind your organization to this data processing arrangement.

  • You understand this decision affects how your organization's security data will be processed.

AI Feature Purpose and Function

This generative AI feature analyzes your security data (cloud audit logs, agent telemetry, code scans, resource scans, vulnerability data, and threat indicators) to:

  • Generate automated security insights and recommendations.

  • Identify potential threats and vulnerabilities in your environment.

  • Provide contextual security guidance tailored to your infrastructure.

  • Enhance incident response through AI-powered analysis.

Data Processing Details

  • Data Used: Only security data already processed by FortiCNAPP (specified above).

  • Processing Location: Within Fortinet's secured infrastructure in the same region as defined by data processing in your main service agreement.

  • Retention Period: Maximum 90 days, then automatically deleted.

  • Access: Limited to authorized Fortinet personnel for system operation and support.

  • Third Parties: Your data will not be shared with or used to train third-party AI models.

  • Lawful Basis: Legitimate interest in providing enhanced security services (GDPR Art. 6(1)(f)).

Your Rights - You may at any time

  • Withdraw consent by disabling this feature in your account settings.

  • Request deletion of your data from AI processing systems.

  • Access information about how your data is being processed.

  • Contact us at privacy@fortinet.com with questions or to exercise rights.

  • File complaints with relevant data protection authorities.

Important Considerations

  • Disabling this feature will remove AI-enhanced capabilities but will not affect core FortiCNAPP functionality.

  • Data processing will cease within 24 hours of withdrawal.

  • Previously processed insights may be retained in your security dashboard until you delete them.

  • This consent is separate from your main service agreement and can be withdrawn independently.
