Box AI Trust

Box AI is not a single product but rather a set of capabilities that integrates advanced third-party AI models into Box’s existing products and features. Box AI will allow users to:

• Drive business insights instantly by allowing users to ask questions about a document’s content, pull out insights from a spreadsheet, or summarize a presentation, all with just one click.
• Create content in seconds by allowing users to quickly, for instance, draft emails, newsletters, or blog posts from the ground up in different tones, lengths, and styles, or develop agendas, manuals, and reports that build upon information that is already stored in Box.
• Automate workflows, tasks, metadata generation, and other process to deliver faster business outcomes (coming soon).

Box AI takes a platform-neutral approach to AI models to allow the best AI models to be applied depending on the need and, therefore, uses of AI foundational models. In March 2024, we announced the general availability of Box AI for Enterprise Plus customers with the integration of Microsoft Azure OpenAI Service’s GPT-3.5/GPT-4.

Currently, Box AI uses AI foundational models from multiple vendors, such as Microsoft Azure, Google, and others. We have a commitment to transparency of AI models, and we will always provide information on which models are used. In our efforts to provide our customers the latest and best in class advanced models, we continue to evaluate other AI service partners. 

As one of the core pillars of Box’s AI Principles, Box will not train AI models on our customers’ content without their explicit approval. 

Box AI is governed by Box’s built-in permissions and designed to keep customers in control of their data so users can only see and interact with the files and content they are allowed to access. Further, customers may enable or disable the use of Box AI and decide whether Box AI should be applied to their content. Box does not retain Box AI prompts and resulting outputs without explicit customer consent, nor do we allow our AI model service partners to do so. Once an answer is returned from our AI model provider that information is deleted from that provider's system. Once a document or application is closed in Box, all question and answer information is deleted from Box AI.

Box evaluates the large language models (LLMs) offered by our trusted AI service partners on a trust and safety basis. Box will only engage with providers that have rigorous controls in place to prevent biased and discriminatory outputs.  Additionally, Box has a large suite of use cases that we regularly test all models we integrate with to ensure they meet our high standards of quality and safety.

Our AI governance team regularly reviews legal, regulatory, technical, compliance and security considerations as well as requirements specific to industry, sector, and business purposes. Representatives from our security, legal, compliance and product departments work closely with our engineering team focused on AI to support efforts to meet our customers’ needs. Our AI governance program incorporates standards such as the National Institute of Standards and Technology AI Risk Management Framework (NIST AI RMF) and the Organization for Economic Co-operation and Development (OECD) AI Principles.