Human oversight
Every AI surface is paired with approve / edit / reject / escalate. AI never closes safety-critical work.
Permission-aware
AI inherits the calling user's RLS scope. No cross-tenant retrieval.
Auditable
Every AI tool call is recorded: user, tools, entities, model, timestamp.
Explainable
Answers cite the underlying records used to compose them.
How TrackProject AI works
TrackProject AI is a retrieval-grounded system. When a User asks a question, an orchestrator selects authorised tools, fetches the relevant project, infrastructure or Digital Twin records through Row Level Security, and passes that context to a foundation model. The model composes a response which is then post-processed, cited and surfaced in the UI with confidence indicators.
Known AI limitations
AI is probabilistic, not deterministic. It can hallucinate, miss nuance, misread ambiguous prompts, fail on edge cases and reflect biases present in upstream training data. We expose these limitations in-product and require human verification before AI output drives a material decision.
Human oversight
Every AI surface is paired with a human action: approve, edit, reject, override or escalate. AI cannot autonomously commission systems, close out QA, sign handovers, run irreversible workflows or notify external parties without an explicit human action recorded in the audit log.
Explainability
Each AI response shows the records it consulted (projects, racks, cables, audit log entries, telemetry samples), the tools it called and the model used. Workspace administrators can drill into any AI interaction from the audit log.
AI security
Prompts and retrieved context are encrypted in transit and at rest. Prompt-injection mitigations sanitise tool outputs, constrain the tool surface and reject instructions embedded in retrieved content. AI cannot execute arbitrary SQL, escape its tool sandbox, read raw secrets or call external endpoints not explicitly registered.
AI governance
An internal AI governance group — Chief Technology Officer, Head of Security, Data Protection Officer and Product lead — reviews new AI features, model changes and incidents against this policy, our AI risk register and applicable frameworks including the EU AI Act, ISO/IEC 42001:2023 and NIST AI RMF 1.0.
AI model updates
Foundation models are versioned. Customer-facing model changes are announced in release notes. Enterprise customers may pin to a specific tier or request advance notice of model rotation.
AI data isolation
AI inherits the calling User's RLS scope. There is no shared cache, no shared embedding index and no fine-tuning on Customer data. Cross-workspace leakage is structurally impossible because retrieval is scoped before the model ever sees a token.
AI transparency
AI-generated content is labelled in the UI. Confidence indicators and citations accompany material answers. We publish a changelog of significant model and prompt changes.
AI usage logs
Every AI tool call is logged: User, workspace, model, tools invoked, entities accessed, timestamp and a hash of the prompt. Workspace administrators can export AI logs for compliance review.
Out-of-scope uses
TrackProject AI is not certified for life-safety, structural sign-off, regulated medical, real-time industrial control or autonomous financial decisions. Customers must not deploy AI output for these purposes without independent verification.