Auditing Powered by Iris AI

Auditing powered by Iris AI (Iris Auditing) allows you to transcribe the activity in the session video recording for further analysis. Features include the display of activity as a heatmap and sharing a recording with Delinea Platform users.

Before You Begin

Prior to performing an analysis, review the configuration and usage instructions for Iris Auditing. See Working with Iris Auditing.

Iris Auditing Safety Statement

Human-AI Oversight Requirement

Auditing powered by Iris AI (Iris Auditing) is designed to augment your skilled oversight – not to replace it. Iris Auditing alerts you to potentially risky activity in recorded sessions. This automation still requires a “human on the loop” for customer oversight, audit and feedback, to ensure accuracy and to optimize results over time. AI models are probabilistic in nature, meaning they can inherently produce outputs that are inaccurate or incomplete. You and your end users bear responsibility for any decisions, recommendations, actions, or inactions that arise from utilizing Auditing powered by Iris AI.

Data Privacy and Processing

Auditing powered by Iris AI uses Azure Computer Vision (ACV) and Azure OpenAI, both services provided by Microsoft. Key data handling and privacy features include the following:

  • Regional Data Hosting: Your tenant data is hosted and processed within the same region that you have selected for your cloud operation (US or EU), ensuring compliance with regional data handling regulations. Inferencing does not cross that boundary. However, any feedback that you send to Support ("debugging data") can be stored in other regions (see Data Included in Feedback to Delinea, below).

    Due to local data hosting requirements, Iris AI (Auditing Powered by Iris AI and Authorization Powered by Iris AI) is not available in the United Arab Emirates.

  • Data Deletion After Processing: When Azure OpenAI finishes processing data from a Delinea Platform session recording, the data is immediately deleted from Azure and not retained by Microsoft. This ensures that evaluation data is handled securely and transiently. The LLM session is ephemeral and exists only for the duration of the inference call. Once the response is returned, the session is terminated and no data remains in the model context.

  • Tenant Isolation: Each LLM session is scoped to a single tenant. No session context is shared across tenants or persisted between sessions.

  • No AI Training with Customer Data: Auditing powered by Iris AI does not and will not use customer recordings or data to train AI models unless we obtain your specific prior written authorization to do so.

  • Data Included in Feedback to Delinea: When a user flags an Iris Auditing session (analysis, comment, or alert) the specific data involved (any explanation for the flag, and the relevant session data) will become visible to our engineers for troubleshooting analysis and resolution only.

End-to-End Data Workflow

The data workflow table maps each step of the Iris AI Audit workflow, identifies the processing technology involved, and flags the single step at which an LLM is invoked.

| Step | Phase | Activity | Detail |
|------|-------|----------|--------|
| 1 | Session Capture | RDP Session Initiated | A privileged user initiates an RDP session to a target server. The Delinea Platform management agent begins capturing screenshots of the session in real time. |
| 2 | Session Capture | Screenshot Capture | The management agent software captures sequential screenshots throughout the duration of the session. |
| 3 | Session Storage | Video Assembly & Storage | Screenshots are assembled into a session recording video and stored securely within the Delinea Platform audit repository. This recording is available for human review by system administrators. |
| 4 | Session Storage | Session Recording Stored | The session recording video is stored in the secure audit repository. No AI processing has occurred at this stage. |
| 5 | ML Processing | Computer Vision Transcription | Screenshots are processed by the Delinea Platform Computer Vision Algorithm, which is a rule-based, deterministic algorithm (not an LLM). This algorithm converts screen content into text. This step runs entirely within the Delinea Platform. |
| 6 | ML Processing | Session Transcription Generated | The Computer Vision output produces a structured text transcription of session activities. This transcription, combined with the original screenshots, forms the input for LLM analysis. |
| 7 | LLM Inference | Azure OpenAI GPT 4.1 Analysis | The session transcription and screenshots are submitted to a tenant-isolated, non-persistent LLM session running on Microsoft Azure OpenAI (GPT 4.1, US/EU regions). Inferencing runs within the tenant's data boundary. The session is ephemeral and no data is retained by the model or platform after completion. This is the only step in the workflow where an LLM is invoked. |
| 8–9 | Output | Activities Retrieved, Labeled & Stored | The LLM output identifies, labels, and categorizes the activities detected in the session. These structured activity records are stored in the Delinea Platform for audit and reporting. |
| 10 | Output | Presentation & Alerting | Findings are presented to security and compliance teams via the platform UI and/or sent as automated alerts. No raw session data is exposed in alerts. |

AI Risk Controls

The risk controls table addresses the most commonly raised risk areas in the context of enterprise LLM usage.

| Risk Area | Control / Assurance |
|-----------|---------------------|
| Data Residency | Inferencing runs within the tenant's geographic data boundary (US or EU region, per configuration). No session data crosses regional boundaries. |
| LLM Data Retention | LLM sessions are non-persistent and ephemeral. Session content is not stored by the Azure OpenAI service after the inference call completes. Microsoft Azure OpenAI zero data retention policy applies. |
| Tenant Isolation | Each LLM session is discrete and tenant-isolated. There is no shared context, cross-tenant inference pooling, or data co-mingling between customers. |
| Model Training | Customer session data is not used to train or fine-tune any LLM. Azure OpenAI enterprise agreements explicitly prohibit use of customer data for model improvement. |
| Computer Vision vs. LLM | Screenshot-to-text transcription uses a deterministic Computer Vision Algorithm within the Delinea Platform — not an LLM. The LLM is invoked only for activity recognition and labelling using the transcription output. |
| Data in Transit | All data transmitted between the Delinea Platform and Azure OpenAI is encrypted in transit using TLS 1.2+. Delinea operates its own discrete Microsoft Azure environment. |
| Access Control | Access to session recordings, transcriptions, and AI findings is governed by Delinea Platform role-based access controls. Audit findings are only visible to authorized roles. |
| Audit Trail | Every AI-driven finding includes a logged rationale and evidence trail, supporting regulatory inspection and internal review without requiring re-analysis. |

Performing an Analysis

To analyze a session recording:

  1. Select a recorded session.

  2. Click the Activity icon in the video player task bar to show the Activity panel, if the panel is not displayed.

  3. Click Analyze session.

    The Activity panel is updated with every captured command grouped by activity, with full output, timestamps, and AI-assigned labels.

    A search bar and Label filter help you zero in on keywords or behaviors. Use Autoscroll to automatically synchronize the video player with the selected activity item. Click either the activity in the Activity panel or a time in the player's timeline to synchronize them.