arupapara
Staff
April 2, 2026

FortiCNAPP: Responsible AI by Design


As organizations increasingly rely on AI to accelerate cloud security investigations and security vendors embed more AI into their solutions, supporting responsible and transparent AI usage becomes critical. The FortiCNAPP AI team is committed to giving customers clear visibility and control over generative AI capabilities.  

 

This update reinforces responsible AI adoption while preparing the platform for upcoming AI-powered security capabilities. 

 

Trust in AI? 

Trust in Artificial Intelligence (AI) should not be assumed; it depends on several crucial considerations. Risk assessments of the data being processed are essential. Because AI is non-deterministic, we must be aware of and deliberate about what data we feed into AI systems. For security teams, this will be especially vital as generative AI and its integration into agentic workflows and beyond continue to evolve and become increasingly complex.

 

Understanding Trust in AI 

  • Risk Assessments of Processed Data: Building trust in Artificial Intelligence (AI) starts with thorough risk assessments of the data being processed. Each organization should consider its unique priorities regarding data ownership, control, and liabilities. Organizations should understand how their data is governed and which data is prohibited from AI processing, versus data deemed safe for analysis and AI-assisted analysis.
  • Data Protection: Organizations must understand data protection and how data sent to AI systems moves, or more importantly, does not move beyond defined perimeters.  
  • Transparency as the Foundation of Trust: Finally, to establish genuine confidence in an AI system, one must trust the architects of the AI system. Transparency is crucial in demonstrating accountability and diligence, and in supporting the operation of AI systems within defined boundaries.

Addressing these Risks in FortiCNAPP 

With these considerations in mind, FortiCNAPP is designed to address key trust factors in AI adoption, including data governance, user consent, and transparency of AI capabilities. The platform provides organizations with explicit control over when generative AI features are enabled, clear visibility into how AI systems interact with customer data, and documentation outlining the safeguards and protections in place. These mechanisms help organizations adopt AI capabilities in a controlled, transparent, and security-focused manner.

 

Consent 

When enabling AI Assist: 

  1. Users are presented with a contextual consent page explaining the generative AI capabilities and related policies.
  2. An admin user will be presented with a thorough explanation of consent and revocation, as well as the scope of consent, and can acknowledge and enable AI Features for their security teams. As more AI Features are made available, granular consent and transparency notes will be available for each feature separately.

FortiCNAPP is committed to disseminating a clear and thoroughly presented scope to push forward responsible usage of AI-powered capabilities. 

Full details can be found in the documentation: 

Appendix C - Customer opt-in for generative AI features | FortiCNAPP | Fortinet Document Library  

 

Transparency 

The consent workflow helps organizations adopt AI features with clear awareness of how AI capabilities are used within the platform.

 

Trust requires openness. FortiCNAPP's Appendix B - AI transparency: FortiCNAPP AI Assist gives organizations a clear view into how AI Assist works – including what data is processed, how data is protected, and the security measures and safeguards in place. This documentation enables security teams to understand exactly what they're enabling, so they can make informed decisions about adopting AI capabilities with confidence. 

 

This aligns with Fortinet's principles of delivering AI that is safe, secure, and transparent. 

Data Governance 

 

FortiCNAPP's generative AI feature is designed with a fundamental principle: customer data serves and enhances only the same customer's security posture. A common concern among organizations adopting AI is whether their data might inadvertently leak to other customers through AI systems, particularly through model memory or cross-tenant data retention. FortiCNAPP addresses this concern by supporting the isolation of customer data processed by AI Assist to that specific customer's environment; the feature is designed to prevent sharing, access, or retention across tenants, as described in Fortinet’s Technical and Organizational Measures (“TOMs”).

 

Effective AI governance involves setting policies, standards, and oversight mechanisms that define roles and responsibilities for developers, users, and stakeholders. FortiCNAPP implements restricted access to data through strict tenant isolation, with role-based controls further supporting that restriction, as described in the TOMs. Combined with the consent framework and transparency documentation, this governance approach helps organizations retain full control over their data while benefiting from AI-powered security capabilities.

 

For comprehensive details on data governance, safety measures, and security protocols, refer to the AI Transparency Documentation: Appendix B - AI transparency: FortiCNAPP AI Assist 

 

Alignment with AI Security and Compliance Standards 

The AI Assist consent framework supports alignment with current AI governance standards, including: 

These references describe directional alignment with governance principles and do not constitute compliance certification. These frameworks emphasize transparency, governance, and responsible deployment of AI systems, especially in security-critical environments. 

Fortinet’s AI capabilities have been developed in strict adherence to Fortinet’s AI information security policies, available through the Fortinet Trust Resource Center.

Enabling Future AI Capabilities 

This granular consent framework also prepares FortiCNAPP for future AI-driven security innovations, including: 

  • AI-powered threat detection 
  • Advanced AI-assisted investigation workflows 
  • New AI-powered cloud security use cases 

These capabilities will continue to evolve under the same principles of responsible, transparent, and secure AI adoption. 

 

Responsible AI Across the Platform 

While generative AI often draws the most attention due to its broader risks and regulatory obligations, responsible AI applies to all AI models. FortiCNAPP reflects this approach by providing enhanced transparency and consent for generative features, while also documenting and monitoring traditional ML models that underpin its security intelligence.  

 

These models detect anomalies, flag suspicious behaviors, and contribute to cloud security, all within documented operational parameters and security controls. By addressing both generative and non-generative AI, FortiCNAPP supports the responsible operation of every AI capability, in alignment with its principles of trust, data protection, and accountability.

 

AI/ML Models Supporting FortiCNAPP Security Intelligence 

FortiCNAPP already leverages machine learning and anomaly detection models to identify suspicious behaviors across cloud environments. 

These models are documented in the FortiCNAPP alerts reference and contribute to detecting threats such as: 

  • Active scanning 
  • Anomalous and suspicious host commands 
  • Anomalous user agents 
  • Compromised cloud storage activity 
  • Unusual access to AWS storage 
  • Domain Generation Algorithm (DGA) activity 
  • Hostname command injection 
  • SSH brute force attacks 
  • Time-series anomaly detection 

These models are part of Fortinet’s broader strategy of delivering responsible and transparent AI-driven security capabilities. 

More details are available in the anomaly detection reference documentation: 
Appendix A - Anomaly detection models 

 

Moving Forward 

With strong developments in GenAI, LLM, and Agent AI-assisted workflows, FortiCNAPP strengthens its commitment to responsible AI governance while enabling powerful AI-driven security capabilities. The platform’s framework emphasizes explicit user consent, transparency into how AI capabilities operate, and clear documentation of the safeguards protecting customer data.

As new AI features are introduced, this governance model helps organizations retain visibility and control over AI-enabled functionality while adopting innovations with clarity, transparency, and confidence.

Planned capabilities are subject to change and may vary in availability, features, and regulatory requirements at the time of release.