Klocwork AI remediation and data transmission

This section explains how customer data is handled by Perforce and third-party AI assistants when using Klocwork AI remediation. To learn more, see Perforce's Generative AI Policy and GitHub Copilot’s terms and settings.

AI remediation interacts with an AI assistant (such as GitHub Copilot Chat) to generate remediation suggestions. Depending on how your organization has configured the AI provider, your source code or diagnostic information may be transmitted to an external AI service.

Data transmission

No code or diagnostics are sent automatically. Data transmission occurs only when a user explicitly invokes an AI‑powered action, for example:

  • Requesting automated fixes
  • Asking the AI agent for explanations or refactorings
  • Submitting an AI chat request that requires additional project information to fulfill the request

Scope of transmitted data

Data sent to the AI provider may include the following:

  • Relevant portions of source code
  • Static analysis findings and metadata
  • Rule violation documentation and necessary context for producing remediation suggestions

Only the minimum required information for the AI request is included. The exact data handling behavior is determined by the AI provider’s implementation.

Externally hosted vs. locally hosted AI

Ensure that your deployment configuration matches your corporate data governance requirements.

Externally hosted (public) AI providers

If you are using an externally-hosted (public) AI providers (such as Anthropic, Google, or Microsoft), code and diagnostics may leave your environment and be processed by an external vendor.

Locally hosted (self-contained) AI models

If you configure a local LLM or on‑premise AI deployment, no data leaves your environment and no external transmission occurs.

Restrict external data transmission

Organizations that do not want any code transmitted outside their environment can:

  • Restrict users from using AI agent extensions (such as GitHub Copilot Chat) in VS Code
  • Configure the AI provider to use a local or self‑hosted model where applicable

Data usage and retention

Any data transmitted to an external AI system is governed by that AI provider’s own data usage, retention, privacy, and security terms.

Make sure to review the following:

  • The AI vendor’s data privacy documentation
  • Enterprise configuration options and retention settings
  • Your organization's compliance requirements