3rdRisk Help Center
3rdRisk.com
3rdRisk Help Center
3rdRisk.com
Getting startedVideos
Technical Setup
Configuration
Third Parties
Assessments
Compliance
Risks
Platform
Issues and action plans
Tomorrow and beyond
Integrations
Troubleshooting
AI-functionalities
How do we work with AICountry Risk Report (Beta)AI Document AnalyserPredictive Risk Profile (3rd party Risk Report)

How do we work with AI

Philosophy 

At 3rdRisk we do AI a little differently. We fully integrate AI into the platform for the users that want, it is a choice. We can even disable certain AI features if you do not want to use those. By fully integrating, we can enable the best workflow and the best outcomes. When we look at what to build, we look at where our users are struggling and what we can do to enable them in their work. 

Human in the loop

Fully anonymous AI agents might be the future, but right now we work on the basis that the AI should be auditable, trackable, and only perform actions when the user has given their explicit permission to do so. For example, we only read the document in the document analyser when the user loads it. This is a little slower for the end user but allows us to not to have to read documents into the vector database until needed. Of course, this can be changed, but that requires explicit permission during setup. 

Lexi / Virtual officer

Have you seen our virtual officer Lexi? She is the cutest. She is our way to show and guide the user through our AI (and non-AI) features like the Inherent Risk Profile. Whenever you see her, make sure to read what she's saying.

 

Time savings

Third-party risk management (TPRM) can be a time-consuming process and is often done by a smaller team. That is why we focused on saving time wherever possible. When we spoke to our customers, many of them mentioned that manually reviewing supplier provided documents was a very time-consuming process. That is why we started building the document analyser. It has since grown quite a lot. Many customers let us know that it saves them multiple hours per document, which is of course amazing!

Checkout our post about the document analyzer here: https://productupdates.3rdrisk.com/changelog/new-feature-ai-document-analyzer

Choose your own provider

At 3rdRisk we believe in supported customizability. This is why each version of our platform looks like it is part of your organization’s IT system. This is done through things like uploading your own logo, custom theming, and email customizability. 
That same principle is brought to the AI part of the platform. Depending on your own risk assessment you might need to go with a European or an American AI. That is why we support multiple AI providers (see 3rdrisk.com/ai) for the latest version of our supported providers. The changing of the providers is as easy as using the dropdown on the ai configuration page. Here you can see that depending on the complexity of the task you can change the AI provider, how this complexity works is defined below. 

Only for certain actions we don’t allow you to choose your own AI provider. Those are OCR and embeddings. Both of which are mentioned in the Data storage section.

Bring your own API key

By default, we provide you with an API key to speed up the enablement of ai features during the onboarding. If you need to or want to, you can use your own API keys, this allows you to have full control over the contract or usage of the AI providers.

We have agreements with each supported AI provider that the input provided through 3rdRisk is not used for training future models. 

Complexity levels

Within the 3rdRisk platform we do many AI tasks that have differencing levels of complexity. To provide you with the highest amount of freedom you can choose which AI provider you want to use for each level of complexity. What falls in each level is explained below. 

We do recommend using an internet-enabled AI model for high and very high complexity tasks, as those often require knowledge that is outside of the 3rdRisk or the built-in knowledge of the AI models.

A list of which features are used by the providers is available upon request but not publicly shareable. 

Low

Low complexity tasks are the easiest and fastest tasks that we offer, think of writing descriptions for questionnaires, small text summaries, and more. We recommend choosing a smaller / faster provider for this like Mistral.

Medium

Medium complexity tasks are the main bread and butter of the 3rdRisk AI features. This is used for tasks like Conclusion writing, field filling, and risk classification. We recommend choosing a provider that is good at text writing like Mistral / Gemini. 

High

High is where we reach the territory where only the context that 3rdRisk can provide becomes not enough for a full picture. Looking at the Inherent risk profile for example, you want to use the full knowledge of the internet to get the complete picture. That is why we recommend that you choose a provider that is internet enabled. For now, these are Google Gemini and Perplexity. Both offer great results, but we have seen Gemini perform a little better in handling the context from those results. 

Very high

Very high complexity tasks, like generating AI based advice and Country / Inherent Risk profile, are often longer running tasks as well. That is why we run these in the background. Here it is also best to choose a provider that is resilient and internet enabled. 

Data storage

Your data and files are incredibly important to 3rdRisk, that is why we encrypt them in transit and in storage. To enable you to do things like ask questions, reason with the AI and improve your workflow, our AI reads the contents of the PDFs. This is done through OCR (Optical Character Recognition) by the Mistral AI provider. Mistral is leading in its OCR capabilities and has been shown to be very efficient and effective for our use case. 

Mistral provides us through their OCR functionality the text that is inside of the PDF. That text is then split for each page, and each is stored separately. 

We have made agreements with Mistral that the passed in PDFs are not used for training and improving their service.

The contents of these pages and their respective knowledge are stored in a Vector database. Vector databases are very efficient in storing unstructured text, which is what most PDFs are made of. The vector database that we use is called Qdrant and is based in Berlin. We host the vector database ourselves. 

Data sharing

As mentioned in the data storage section, we have made agreements with our AI providers that we do not allow them to use the data to train their models. 

For each tenant, we store the data partitioned by a unique identifier which ensures data is not shared between tenants. All requests to the Vector Database are filtered on the data layer by this unique identifier. 

AI workloads

Now that we have some shared knowledge on how the AI is configured within the 3rdRisk platform, we can look at where the AI workload takes place. AI workloads are split between 2 sources. 

Internal workloads

These workloads are specific to your platform and are run on the same server that serves your platform. Meaning that it adheres to the same information, risk and security guidelines as “normal” code. 

External workloads 

Shared data / knowledge work, like the country risk profile, is handled on a separate instance. As these processes often take a lot longer (hours/days) and the data is shared between all AI enabled tenants, this is more efficient and ensures the same result for each tenant. This data is pulled from the external instance into your platform on a 3rdRisk-defined frequency. No data from your platform is used in the generation of these AI-results.

Was this article helpful?

English
Powered by Product Fruits