// Trust & Security Report
Aisera, Inc. (acquired by Automation Anywhere, Nov 2025)
Agentic AI platform for the enterprise (AI Agents & Assistants for IT/ITSM, HR, Finance, Procurement, Customer Service)
Certifications held
8
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on aisera.com“Aisera is ISO 27001 certified and HIPAA compliant. Additionally, Aisera holds SOC 2 Type II certification and provides a comprehensive BAA”
Verify on aisera.com“Aisera is ISO/IEC 27001 and CSA Star Level 1 certified and is also SOC 2, GDPR, HIPAA/BAA, and CCPA compliant.”
Verify on aisera.com“When disclosing personal information from the EU, UK and Switzerland to third parties outside of the EU, UK or Switzerland, Aisera will enter into a written agreement with such third party that provides adequate protection for the data.”
Verify on aisera.com“Aisera is ISO/IEC 27001 and CSA Star Level 1 certified and is also SOC 2, GDPR, HIPAA/BAA, and CCPA compliant.”
Verify on trust.aisera.com“Penetration Test Report - Aisera Gen AI Platform - 2025 ... Penetration Test Report - Aisera AWS/Azure Infrastructure - 2025 ... Annual Penetration Test”
Verify on trust.aisera.com“Responsible Disclosure (Bug Bounty)”
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
AWS Oregon (US-West) for primary storage; Microsoft Azure US-West and Europe (EU data kept in EU for EU-based customers). Privacy policy notes data 'may be processed outside your country' and uses third-party servers including the US.
No explicit 'we do not train on your data' pledge was found in the public privacy policy. Architecture strongly signals customer data isolation: trust center lists 'Customer Data Segregation' and 'Data Processing Agreements in Place', and the TRAPS governance framework is positioned for data protection. Model customization is per-tenant ('LLM Studio supporting tailored tuning using organizational knowledge'), i.e. tuning scoped to the customer rather than a shared model. Default training stance on customer/business data is not publicly stated; confirm via the executed DPA / MSA before onboarding sensitive data.
// Security controls
Encryption in transit
Yes - 'We also encrypt all communications between the Aisera client and our web services.'
aisera.comEncryption at rest
Yes - trust center control 'Encryption at Rest'; data within platform encrypted once logged in.
trust.aisera.comPenetration testing
Annual third-party pen tests for both the Gen AI platform and AWS/Azure infrastructure (2025 reports available in trust center).
trust.aisera.comBug bounty / responsible disclosure
Responsible disclosure (bug bounty) program listed; no named platform (HackerOne/Bugcrowd) disclosed publicly.
trust.aisera.comCustomer data segregation
Listed as a product security control ('Customer Data Segregation').
trust.aisera.comInfrastructure controls
WAF, IDS, denial of public SSH, firewalls, daily database backups, audit log retention, code review, SDLC, incident response plan/team, security training, cyber insurance.
trust.aisera.comSubprocessors (transparency)
Disclosed: AWS (Oregon), Microsoft Azure (US West / EU + Azure OpenAI when applicable), Zendesk (AWS US-West), Deepgram (speech).
trust.aisera.comAI governance framework
TRAPS framework and a 'Responsible and Ethical AI Development Policy' published; PII anonymization advertised.
trust.aisera.com// Products & data scope
data: Ingests enterprise knowledge bases, ITSM/HR/Finance system data; cloud-hosted on AWS/Azure; per-tenant segregation; DPA + subprocessor disclosure.
Core platform. Customers can use Aisera's proprietary LLM or bring their own model; LLM Studio supports per-org tuning.
data: Connects to enterprise systems (e.g. ServiceNow, MS Teams, Epic/Cerner/Salesforce for healthcare); processes employee/IT support data, potentially PII/PHI under BAA.
Healthcare deployments operate under HIPAA/BAA. Permission-aware retrieval.
data: Analyzes internal documents/contracts; permission-aware; governed by TRAPS for data exfiltration prevention and anomaly detection.
Used for legal research, e-discovery, contract drafting; emphasizes data-mapping and privacy compliance.
data: Telemetry, logs, and ITSM data for proactive incident prediction.
Operational monitoring scope.
// What to watch
- Acquired by Automation Anywhere on 2025-11-04; aisera.com/platform/security-and-compliance now 301-redirects to automationanywhere.com/products/security. Compliance ownership and certification scope may transition to the parent over time; re-verify trust documents under the new entity.
- Bug bounty exists as a 'responsible disclosure' program but no named platform (HackerOne/Bugcrowd) is publicly identified.
- Public privacy policy does not explicitly state the model-training stance on customer/business data; segregation controls are present but the 'no training by default' guarantee should be confirmed in the executed DPA.
- Most certification artifacts (ISO cert, SOC 2 report, pen-test reports) are gated behind the Drata-powered trust center and require an NDA/request to download; titles are publicly listed but full reports were not directly read.
// At a glance
Pricing model
Enterprise / custom quote (RFP-based, 'Submit RFP' / 'Get a customized quote'); no public self-serve pricing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Aisera, Inc. (acquired by Automation Anywhere, Nov 2025)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.aisera.com