Security Considerations for Windchill AI Assistant
This topic outlines how data is protected while in transit and at rest, and highlights considerations related to document content and data governance.
Data in Transit
All communication during transmission is encrypted using TLS 1.2 or higher. This includes:
• Traffic from the Windchill AI Assistant plugin to Azure services.
• Traffic between Azure services.
Data at Rest
Data stored by the Windchill AI Assistant in Azure services is encrypted at rest. Specifically:
• Azure Storage—All data stored in Azure Storage is encrypted at rest using Microsoft‑managed keys.
Considerations for Document Content
When AI systems process documents, they analyze the available text to generate responses. In some cases, this may include non‑visible or hidden text embedded within documents.
If document content contains misleading or intentionally crafted instructions, it may influence AI‑generated responses, for example, by biasing recommendations or causing unexpected behavior for certain queries.
The Windchill AI Assistant includes technical safeguards and permission‑based access controls that significantly limit the actions the AI can perform. However, this class of risk cannot be fully eliminated in any AI‑enabled system.
As with other enterprise systems, overall security also depends on:
• Controlling who is allowed to upload, modify, or manage documents.
• Applying appropriate access policies through Windchill’s existing security model.
• Following established data governance and content‑review practices.