Introduction
Smart Search harnesses advanced AI technology to deliver secure, reliable, and user-friendly chat features. This guide explains the tool’s architecture, key capabilities, and safeguards, helping you use it confidently and responsibly.
Smart Search at a Glance
- Secure, read-only AI assistant for ADS
- Shows only information you’re allowed to see
- Automatically blocks unsafe or off-topic requests
- Activity is logged for accountability and support
- Designed to meet industry security and responsible AI standards
Seven Layers of Security & AI Safety (How Your Access and Data Are Protected)
The Smart Search tool applies a multilayered security and AI safety framework to protect users and data while ensuring responsible operation. Below is an overview of the seven key layers that work together to safeguard access, privacy, and system integrity.
| Security Control | Description |
| Identity Verification (Authentication) | Sign in through Azure for browser users; special key and trusted clients for other systems; access denied if proof doesn’t check out; check happens before anything else |
| Role-Based Access Control (Authorization) | Over 60 security roles; AI uses tools matching user role; tools for higher-privilege users invisible to others |
| Organizational Data Isolation | Users access only their own programs or institutions; enforced automatically; can’t see others’ data |
| Input Sanitization & Threat Detection | Messages checked for dangerous content and attacks; limits on message size and amount; prevents misuse and keeps system safe |
| AI Guardrails & Responsible AI Controls | Runs on Microsoft’s secure platform; restricted topics (answers only about ACGME and its tools); read-only tools; content filters; clean responses; admin kill switch; quick updates |
| Audit Trail, Monitoring & Accountability | Everything recorded: user, question, AI answer, errors; reconstruct conversations; track usage and costs; protect sensitive info; monitor performance |
| Error Handling & Data Leakage Prevention | Safe error messages for users; engineers get detailed info; protects sensitive system information |
Additional Controls
This section outlines the robust security, compliance, and operational controls implemented to ensure responsible and secure use of AI within the system. The following measures help safeguard data integrity, user privacy, and overall system reliability.
| Feature | Benefit |
| Communication | All information exchanged is encrypted, so your data stays safe from hackers and snooping. |
| API Access | Only trusted websites can connect, making sure strangers or bad actors can't access your information through the app. |
| API Documentation | Technical instructions for connecting to the app are hidden in the live environment, reducing the risk of misuse by outsiders. |
| User Session | Your activity is kept separate from other users, so what you do or share won't accidentally show up for anyone else. |
| AI Retries | If something doesn’t work the first time, the system automatically tries again, so you get more reliable results without needing to redo your work. |
| Response Caching | The app remembers answers to repeated questions, so you get faster responses and don’t waste time waiting for the AI to process the same request again. |
What Users Should Know
This section provides essential information to help you understand how Smart Search works and the safeguards in place, allowing you to interact confidently within the tool.
| Topic | Details |
| Tool design | The Smart Search tool is designed to be safe, secure, and transparent. |
| Data visibility | You will only see data relevant to your role and organization. |
| AI actions | Smart Search is read-only. It cannot make changes to records or perform destructive actions. |
| Security checks and filters | Security checks and filters run behind-the-scenes to protect all users and data. |
| Error or maintenance message | If you encounter an error or maintenance message, your information remains secure and will be reviewed by the support team. |
Smart Search is intentionally designed to prioritize safety, accuracy, and appropriate access over completeness or speculation.
Limitations
The Smart Search tool is subject to certain restrictions designed to protect your privacy and maintain system integrity. Understanding these limitations will help ensure effective and secure use of the tool.
| Limitation | Description |
| AI responses | Limited to registered tools and ACGME related processes to ensure accuracy, security, and appropriate use. |
| Data and actions | Read-only—no edits or deletions can be made via the chat |
| Session and data isolation | You won’t see information from other programs or institutions |
| Technical details and error messages | Never shown to users for security reasons |
Smart Search is not a system for making changes, accessing unrestricted data, or bypassing ACGME security controls.
Industry Framework Alignment
This section highlights how Smart Search aligns with key industry frameworks and standards for responsible and secure AI deployment.
| Framework | Key Requirements Met |
| OWASP Top 10 for LLMs | Prompt injection prevention, output sanitization, DoS mitigation, data isolation, tool authorization, read-only agency |
| NIST AI RMF | Centralized governance, risk tracking, telemetry & monitoring, kill switch & fallback |
| Microsoft Responsible AI | Fairness, reliability, privacy, transparency, accountability |
| EU AI Act | Human oversight, full interaction logging, organization-scoped data governance |
| SOC 2 | Logical access controls, system boundary enforcement, monitoring, config change management |
Frequently Asked Questions
These FAQs address common questions users may have after using Smart Search, explaining what you might notice and why certain safeguards are intentionally in place.
| Question | Answer |
| 1. Why don’t I see certain tools or information in Smart Search? | Smart Search only shows information and options you’re allowed to access based on your role. If something isn’t relevant to you, it simply won’t appear. |
| 2. Why does Smart Search sometimes refuse to answer a question? | Some questions may be blocked if they fall outside of ACGME related topics or don’t meet security and usage guidelines. This helps keep the system safe and focused. |
| 3. Is my activity in Smart Search tracked? | Yes. Questions and responses are logged, so issues can be reviewed, monitored, and resolved if needed. This helps support accuracy, accountability, and system reliability. |
| 4. Why are Smart Search answers high level instead of technical? | Smart Search is designed to provide clear, user-friendly answers. Technical system details and internal error information are intentionally hidden to protect security. |
| 5. What happens if Smart Search has trouble answering my question? | If something doesn’t work the first time, the system may automatically retry. For repeated questions, Smart Search can also return answers faster to improve performance. |
| 6. Can my questions or results be seen by other users? | No. Your Smart Search session is private, and your activity isn’t shared with other users or organizations. |
| 7. What happens if Smart Search needs to be limited or turned off? | Administrative controls are in place to restrict or disable Smart Search if necessary, helping ensure responsible and secure use. |
| 8. How does Smart Search meet security and AI standards without being complicated for users? | Smart Search follows recognized security and responsible AI standards behind the scenes, while keeping the user experience simple and easy to use. |
Conclusion
Smart Search offers robust security, privacy, and reliability through a layered defense-in-depth approach and alignment with industry standards. By understanding its capabilities and limitations, you can use the tool confidently for your organizational needs. These safeguards ensure Smart Search can be used confidently as part of ACGME’s broader digital ecosystem.