For a full-featured overview of AI Safeguards, refer to the AI Safeguards - Overview, and for setup instructions and example use cases refer to the AI Safeguards - Admin Guide.
For Users
Who should be contacted if AI access is needed for a specific file or folder?
Contact your Egnyte domain administrator. Administrators can review which policies apply and determine whether access can be adjusted.
Why can’t my AI solution use a file I selected?
The file may be protected by an AI Safeguards policy that was configured by the domain administrator. The restriction applies to AI processing only. The file itself remains fully accessible and can be opened, edited, downloaded, and shared according to your access permissions.
Why can’t I see the AI Assistant, Knowledge Base or Agents in my account?
If AI functionality is available for other users but not for you, it likely means that a policy has been configured to remove AI access entirely for your account or the groups that you are in. When this type of restriction applies, all AI-related entry points are hidden. There is no visible indication that a restriction is in place.
If none of the users in your company have access to AI, it might mean that AI is not part of domain’s pricing plan or the AI functionality might be completely disabled by the domain Admin.
In both cases, contact your Egnyte administrator to find out whether AI access can be enabled.
Does restricting a file in AI Safeguards affect the ability to open or download it?
No. AI Safeguards restrict AI processing only. A user having correct file permissions can still open, download, edit, and share the file. The restriction applies only to AI features such as the AI Assistant, AI Agents, and Knowledge Bases.
Why does an external AI tool such as Claude or ChatGPT give a different answer when connected to Egnyte?
External AI tools connected through the Egnyte MCP Server are subject to the same AI Safeguards policies as the Egnyte platform. Files restricted by an active policy are not returned to the external tool, so responses may differ from what would be expected without a restriction in place. These applications also utilize their own logic to generate responses, and the specific verbiage of the AI Safeguards response might differ between responses.
For Administrators
A user reports that a file is unexpectedly blocked from AI processing. How can the cause be identified?
Navigate to the Reports panel, then Audit, then AI Safeguards, then Blocked. Filter by the user and the date of the incident to find the relevant entry. The report shows the file name, the date, and which policy was matched.
Review the matching policy in Settings, then Configuration, then AI. Confirm whether the criteria are correctly scoped and adjust if needed.
What should be focused on when reviewing the Flagged report?
The Flagged report lists every request that matched a Report Only policy. The files in this report were processed by the AI without restriction. The report is most useful when preparing to switch a policy from Report Only to Active state.
When reviewing the Flagged report, look for the following:
- Volume by folder or content type: a high volume of matches on a sensitive location or classification confirms that the policy scope is well-targeted before switching it to Active state.
- Unexpected users: matches from users who should not be accessing sensitive information may indicate that group membership or folder permissions require review.
- Missing activity: if expected high-risk activity does not appear in the report, the policy criteria may need to be broadened before enforcing.
How long does it take for a new or updated policy to take effect?
Changes to AI Safeguards policies may take a few hours to take effect across the domain.
Are changes to AI Safeguards policies recorded in audit logs?
Not currently. Changes to AI Safeguards policies are not recorded in the Configuration Settings report. This is a known limitation, and our target is to address it in future updates.
A user on a mobile device can still see AI entry points even though a Users or Groups-only policy applies to them. Is this expected?
Yes, but only on older app versions. Users on Egnyte for Android older than v.9.5 or Mobile App for iOS older than v.9.5 may still see AI entry points even when a Users/Groups-only policy applies to them. Upgrading the mobile app to v.9.5 or later resolves this situation. Despite having the entry points, they are still unable to execute any AI actions.
Can external AI tools connect to Egnyte on behalf of a user who has been fully excluded by a Users or Groups-only policy?
Yes. External tools connecting through the Egnyte MCP Server can still establish a connection on behalf of an excluded user. This is a known limitation of the MCP protocol and our target is to address it in future updates.
However, AI Safeguards policies apply to inbound requests to the Egnyte MCP Server, so the content returned to the external tool is sanitized according to the active policy set.
Are AI Safeguards available on all Egnyte plans?
No. Currently, AI Safeguards are in limited availability for Elite and Ultimate plans only. Contact your Egnyte account manager or Sales team for additional plan information.
The Content Classification criterion is not available when creating a policy. Why?
The Content Classification criterion requires Egnyte Content Classification capabilities, which are available on the Ultimate plan only. On the Elite plan, this criterion does not appear in the policy creation dialog.
A Users/Groups-only policy has been created but users can still see AI entry points. What could be the problem?
First check that the policy is in Active state and not Report Only or Inactive. Then verify that the affected users are members of the group referenced in the policy criteria or were selected individually. If the policy was recently created or updated, it might take a few hours for it to take effect.
If users are on a mobile app older than v.9.5, they will continue to see AI entry points regardless of the policy. Upgrading the app resolves this issue.
A policy with both Users or Groups criteria and other criteria type has been created, and users can still see AI entry points. Is that expected?
Yes, only policies configured to match just the Users or Groups criteria hide the AI entry points. In all other cases (from a user’s perspective), users will still see the AI entry points, and only certain files and folders they have access to will be covered by the policies.