// Trust & Security Report

    Aisera, Inc. (acquired by Automation Anywhere, Nov 2025) logo

    Aisera, Inc. (acquired by Automation Anywhere, Nov 2025)

    Agentic AI platform for the enterprise (AI Agents & Assistants for IT/ITSM, HR, Finance, Procurement, Customer Service)

    Certifications held

    8

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO/IEC 27001
    HELD

    ISO 27001 Certificate of Registration - 2025

    Verify on trust.aisera.com
    SOC 2 Type 2
    HELD

    SOC 2 Type 2 Report - 2025

    Verify on trust.aisera.com
    HIPAA / BAA
    HELD

    Aisera is ISO 27001 certified and HIPAA compliant. Additionally, Aisera holds SOC 2 Type II certification and provides a comprehensive BAA

    Verify on aisera.com
    CSA STAR Level 1
    HELD

    Aisera is ISO/IEC 27001 and CSA Star Level 1 certified and is also SOC 2, GDPR, HIPAA/BAA, and CCPA compliant.

    Verify on aisera.com
    GDPR
    HELD

    When disclosing personal information from the EU, UK and Switzerland to third parties outside of the EU, UK or Switzerland, Aisera will enter into a written agreement with such third party that provides adequate protection for the data.

    Verify on aisera.com
    CCPA
    HELD

    Aisera is ISO/IEC 27001 and CSA Star Level 1 certified and is also SOC 2, GDPR, HIPAA/BAA, and CCPA compliant.

    Verify on aisera.com
    Penetration testing (annual, third-party)
    HELD

    Penetration Test Report - Aisera Gen AI Platform - 2025 ... Penetration Test Report - Aisera AWS/Azure Infrastructure - 2025 ... Annual Penetration Test

    Verify on trust.aisera.com
    Bug bounty / responsible disclosure
    HELD

    Responsible Disclosure (Bug Bounty)

    Verify on trust.aisera.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    AWS Oregon (US-West) for primary storage; Microsoft Azure US-West and Europe (EU data kept in EU for EU-based customers). Privacy policy notes data 'may be processed outside your country' and uses third-party servers including the US.

    No explicit 'we do not train on your data' pledge was found in the public privacy policy. Architecture strongly signals customer data isolation: trust center lists 'Customer Data Segregation' and 'Data Processing Agreements in Place', and the TRAPS governance framework is positioned for data protection. Model customization is per-tenant ('LLM Studio supporting tailored tuning using organizational knowledge'), i.e. tuning scoped to the customer rather than a shared model. Default training stance on customer/business data is not publicly stated; confirm via the executed DPA / MSA before onboarding sensitive data.

    // Security controls

    Encryption in transit

    Yes - 'We also encrypt all communications between the Aisera client and our web services.'

    aisera.com

    Encryption at rest

    Yes - trust center control 'Encryption at Rest'; data within platform encrypted once logged in.

    trust.aisera.com

    Penetration testing

    Annual third-party pen tests for both the Gen AI platform and AWS/Azure infrastructure (2025 reports available in trust center).

    trust.aisera.com

    Bug bounty / responsible disclosure

    Responsible disclosure (bug bounty) program listed; no named platform (HackerOne/Bugcrowd) disclosed publicly.

    trust.aisera.com

    Customer data segregation

    Listed as a product security control ('Customer Data Segregation').

    trust.aisera.com

    Infrastructure controls

    WAF, IDS, denial of public SSH, firewalls, daily database backups, audit log retention, code review, SDLC, incident response plan/team, security training, cyber insurance.

    trust.aisera.com

    Subprocessors (transparency)

    Disclosed: AWS (Oregon), Microsoft Azure (US West / EU + Azure OpenAI when applicable), Zendesk (AWS US-West), Deepgram (speech).

    trust.aisera.com

    AI governance framework

    TRAPS framework and a 'Responsible and Ethical AI Development Policy' published; PII anonymization advertised.

    trust.aisera.com

    // Products & data scope

    Aisera AI Agent Platform / Aisera Unify / Agent ComposerEnterprise agentic AI platform (build & run AI agents)

    data: Ingests enterprise knowledge bases, ITSM/HR/Finance system data; cloud-hosted on AWS/Azure; per-tenant segregation; DPA + subprocessor disclosure.

    Core platform. Customers can use Aisera's proprietary LLM or bring their own model; LLM Studio supports per-org tuning.

    Aisera Assistant / AI Agents for IT, ITSM, HR, Finance, ProcurementDomain AI agents / conversational support

    data: Connects to enterprise systems (e.g. ServiceNow, MS Teams, Epic/Cerner/Salesforce for healthcare); processes employee/IT support data, potentially PII/PHI under BAA.

    Healthcare deployments operate under HIPAA/BAA. Permission-aware retrieval.

    AiseraGPT / Generative AI Copilot (incl. Legal & Compliance)Generative AI copilot / search & drafting

    data: Analyzes internal documents/contracts; permission-aware; governed by TRAPS for data exfiltration prevention and anomaly detection.

    Used for legal research, e-discovery, contract drafting; emphasizes data-mapping and privacy compliance.

    AIOpsIT operations / incident prediction

    data: Telemetry, logs, and ITSM data for proactive incident prediction.

    Operational monitoring scope.

    // What to watch

    • Acquired by Automation Anywhere on 2025-11-04; aisera.com/platform/security-and-compliance now 301-redirects to automationanywhere.com/products/security. Compliance ownership and certification scope may transition to the parent over time; re-verify trust documents under the new entity.
    • Bug bounty exists as a 'responsible disclosure' program but no named platform (HackerOne/Bugcrowd) is publicly identified.
    • Public privacy policy does not explicitly state the model-training stance on customer/business data; segregation controls are present but the 'no training by default' guarantee should be confirmed in the executed DPA.
    • Most certification artifacts (ISO cert, SOC 2 report, pen-test reports) are gated behind the Drata-powered trust center and require an NDA/request to download; titles are publicly listed but full reports were not directly read.

    // At a glance

    Pricing model

    Enterprise / custom quote (RFP-based, 'Submit RFP' / 'Get a customized quote'); no public self-serve pricing.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Aisera, Inc. (acquired by Automation Anywhere, Nov 2025)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.aisera.com

    > Browse all vendor trust reports