NetBrain AI Governance Practice

  • June 1, 2026
  • 3 replies
  • 44 views

Hi NetBrain Team,

While we embrace the agentic AI capability brought by NetBrain, I am wondering if NetBrain complies with any AI standards such as ISO 42001 and ISO 42005, as below:

ISO/IEC 42001 - The world’s first AI management system standard, providing valuable guidance for this rapidly changing field of technology. It addresses the unique challenges AI poses, such as ethical considerations, transparency, and continuous learning. For organizations, it sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance.

ISO/IEC 42005 - AI technologies are rapidly reshaping industries, economies and daily life — offering immense benefits, but also raising ethical, social and environmental concerns. ISO/IEC 42005 plays a crucial role in ensuring these impacts are responsibly addressed. By guiding organisations through structured impact assessments, it enables them to align AI development with values such as fairness, safety, and human-centred design. It also supports broader governance and risk management practices, reinforcing trust and societal acceptance of AI systems.

More AI standards could be available here:

https://www.iso.org/sectors/it-technologies/ai

 

It would be appreciated if you could share your thoughts.

Regards,

Andong 

3 replies

  • NetBrain Employee
  • June 30, 2026

Hi Andong,

AI governance is something we take seriously. A useful starting point: ISO/IEC 42001 and ISO/IEC 42005 are written for organizations and how they manage AI, not for individual software products. 42001 sets out requirements for an AI management system, and 42005 provides guidance for assessing an AI system's impact. So in practice the useful question is less "is the product certified" and more "how does a given AI capability fit into your organization's AI management program."

Separately, responsible AI is core to how NetBrain designs its agentic capabilities. Humans stay in control of any consequential action, and outputs are grounded in your real-time digital twin and your actual network state rather than generated in isolation.

For the specifics you're asking about, including exactly how NetBrain maps to ISO/IEC 42001 and 42005 and where NetBrain stands on these standards, I'd rather connect you with the right people than paraphrase them. Our security and compliance team are the right source for that detail, and your NetBrain account team can share our current AI architecture and security documentation. If you'd like, I can help set that up.

Appreciate you raising it, and happy to keep the conversation going here as well.

Best regards,
Sahil
TME, NetBrain

  • Author
  • New Participant
  • July 1, 2026

Hi Sahil,

Thanks a lot for the update and for providing the detailed information.

Yes, you are right: ISO/IEC 42001 is not a product certificate. Similar to ISO 9001 or ISO 27001, it’s a certificate for organizations which develop, deploy or use AI systems. I trust NetBrain has put similar policies or controls in place for this.

From the perspective of integration partners and customers, I believe a few things remain key concerns:

  • Human Oversight - I believe this has been addressed by NetBrain by putting humans in control
  • Privacy and Security - While NetBrain leverages OpenAI, Gemini or ChatGPT for their AI capabilities, is there a mechanism to prevent customers’ sensitive data like configurations, network topologies etc. from being shared openly and used for LLM training? Is the production dataset shared with AI LLMs processed with de-identification?

It would be appreciated if you could share a bit of insight about the privacy and security controls, so we can communicate with customers and address their concerns properly.

Best Regards,

Andong 


  • NetBrain Employee
  • July 2, 2026

Hi Andong,

Happy to share the privacy and security detail.

Your data is not used for LLM training. It's used only at the session level to answer the task in front of it, and is encrypted in transit and at rest. In the default configuration NetBrain uses the OpenAI API under OpenAI's API terms: any data cached on OpenAI's side is kept for up to 30 days and then deleted, unless retention is legally required, and none of it is used for training. Unless you explicitly share it, neither NetBrain nor OpenAI can view the content of your queries or responses.

To be precise rather than just reassuring: the data sent to the LLM is minimized, and passwords are masked in configuration files, but it isn't fully de-identified. Items like IP and MAC addresses, device names, and Layer 2/3 topology are sent in their real form, and CLI output isn't masked. So the accurate description is minimized and encrypted, not anonymized.

For customers who need tighter control, the deployment options are the real answer:

  • Bring your own LLM account (OpenAI, Azure OpenAI, Google Gemini, or Anthropic Claude) using your own key, so data residency and terms follow your account with no NetBrain involvement.
  • Run a local, OpenAI-API-compatible LLM, so no network data leaves your environment for AI processing. This is the strongest option for sensitive or isolated networks.
  • Scope what AI can touch: admins can define which data and resources are exposed to AI, restrict sensitive devices, or turn it off entirely, with outbound AI calls logged for audit.

 

Best regards,
Sahil
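
The reply above distinguishes password masking from full de-identification. As an added example (not NetBrain code and not part of the thread), this sketch shows what a customer-side step in front of their own or a local LLM endpoint could look like if it also pseudonymized hostnames, IPs and MACs with keyed, reversible tokens. It assumes Cisco-IOS-style configuration text; `make_pseudonymizer`, the regexes and the sample are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample in Cisco-IOS style; not real device output.
SAMPLE = """hostname core-sw-01
enable secret 5 $1$abcd$EXAMPLEHASHVALUE
username admin password 7 0822455D0A16
snmp-server community s3cr3tRO RO
interface Vlan10
 ip address 10.20.30.1 255.255.255.0
 mac-address 0011.2233.4455
"""

SECRET_RE = re.compile(
    r"^(?P<head>[ \t]*(?:enable secret|.*\bpassword|snmp-server community)"
    r"(?: \d)?) (?P<secret>\S+)", re.M)
HOST_RE = re.compile(r"^(hostname) (\S+)", re.M)
MAC_RE = re.compile(r"\b[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def make_pseudonymizer(key: bytes):
    """Return (scrub, restore) closures sharing one local token map."""
    mapping = {}  # token -> original; never leaves the local environment

    def token(kind: str, value: str) -> str:
        # Keyed HMAC gives stable tokens that cannot be recomputed without the key.
        mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256)
        tok = f"{kind}-{mac.hexdigest()[:8]}"
        mapping[tok] = value
        return tok

    def scrub(text: str) -> str:
        text = SECRET_RE.sub(lambda m: f"{m['head']} <masked>", text)  # secrets: one-way
        text = HOST_RE.sub(lambda m: f"{m[1]} {token('HOST', m[2])}", text)
        text = MAC_RE.sub(lambda m: token("MAC", m[0].lower()), text)
        # Netmasks are left readable so the subnet structure stays useful.
        return IPV4_RE.sub(
            lambda m: m[0] if m[0].startswith("255.") else token("IP", m[0]), text)

    def restore(text: str) -> str:
        for tok, original in mapping.items():
            text = text.replace(tok, original)
        return text

    return scrub, restore
```

The same key yields the same tokens across sessions, so topology relationships survive scrubbing; the 8-hex-digit truncation is for readability and would need lengthening for large inventories.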