
How We Built HawkAI to Protect Your Data

Scott Gerlach | June 12, 2024

Learn about our AI data privacy guidelines so you can confidently leverage HawkAI to identify APIs and Applications in your attack surface without compromising privacy.

We’re thrilled to offer customers the power of AI to maximize efficiency, and protecting customer data will always be our top priority. Our AI technology, HawkAI, conducts a non-intrusive analysis of your code repositories, ensuring your source code remains private and secure.

HawkAI prioritizes data privacy by adhering to strict principles:

  • No source code, sensitive data, or PII data is shared with third parties.

  • No LLM Training: We don't use your data to train large language models.

  • Code Integrity: HawkAI does not send code contents to third parties.

This ensures a powerful and secure experience you can trust. Read on to learn how each principle works in practice.

How does the AI feature work on a technical level?

StackHawk leverages AI to perform non-intrusive analysis of your code repositories, focusing on identifying programming languages, code frameworks, and other indicators of testable applications or APIs. This process is done without storing any of your source code, ensuring the privacy and security of your data. Additionally, your source code is never shared with third parties, maintaining strict confidentiality.

Where are we sending the data?

The data processed by HawkAI is handled internally within StackHawk's secure systems and with our selected AI vendor to ensure the confidentiality and security of your information. Our AI vendors undergo StackHawk’s vendor security review and onboarding process detailed in our Third-Party Management Policy. No source code, sensitive data, or PII data is shared with third parties, aligning with StackHawk's data privacy and security commitment.

What type of data will be processed by the API?

HawkAI focuses on interpreting the organizational patterns within your repositories to determine what kinds of applications or APIs are present, using this information as the source of truth. This process is conducted without storing any source code, ensuring the integrity and confidentiality of your data. PII data is never used in the HawkAI process.

Will the data be used for training?

Although StackHawk utilizes AI to analyze code repositories, the data processed by HawkAI will never be used to train large language models. The primary objective is to identify applications and APIs, with a commitment to keeping your source code private and not using it for training purposes.

Which AI provider are you leveraging?

StackHawk currently utilizes OpenAI, but our system is designed to be adaptable, allowing the integration of other large language models as needed. This flexibility ensures we continuously evaluate and implement the most effective AI solutions based on research and testing to enhance our functionality.

Can I opt out of AI usage?

Yes, HawkAI is enabled by default only through the GitHub integration. If you would like to utilize other GitHub integration features without allowing AI access, read the docs for instructions on how to disable HawkAI on your account.

