Training with Purpose, Not Scrapings

How Our AI Was Built - Safe, Private, and Trained with Purpose

Mosaico’s AI is trained on verified, real-world business content — not internet scraps. We use curated HR policies, wellbeing practices, and workflows in a secure environment, ensuring useful suggestions without risking your data. You stay in control, and your information stays private.

Responsible by Design

Mosaico applies the OWASP Top 10 for AI risks to help ensure your experience is secure and private. It’s a choice we make because AI safety shouldn’t be optional.

OWASP Generative AI Security Project

Tricking the AI with Malicious Input

Someone could try to "fool" the AI by sneaking in hidden instructions to make it say or do something it shouldn’t.

Mosaico Protection

We don’t allow free-form prompts from users. Instead, our system builds safe, structured queries behind the scenes — so the AI can’t be tricked with sneaky input.

Blindly Trusting AI Suggestions

People might copy and use AI-generated content without checking it — even if it’s wrong.

Mosaico Protection

All AI suggestions are shown in a preview first. You decide whether to use, edit, or discard them — nothing is published without human review.

Training the AI with Bad Information

If someone sneaks incorrect or harmful info into the data used to train the AI, it can cause serious mistakes later.

Mosaico Protection

We only use verified internal documents to train the system — like your HR policies or pre-approved guides. Nothing public, nothing sketchy.

Overloading the System

Someone could send a flood of complicated requests that slow down or crash the AI.

Mosaico Protection

We limit how many things can happen at once and set time limits for every task. The system stays fast and responsive, even during busy times.

Using Unsafe Tools or Models

If the AI relies on models or tools from untrusted sources, it could introduce security issues.

Mosaico Protection

We only use vetted open-source models and keep everything in our controlled environment. There are no risky plugins or hidden third-party tools.

Accidentally Revealing Sensitive Info

The AI might unknowingly share private or confidential information from its training data.

Mosaico Protection

Mosaico is trained only on approved business documents — no emails, no chat logs, no personal data. Everything stays private and secure.

Risky Add-Ons That Give Too Much Power

Add-ons (like plugins or agents) could give the AI access to parts of the system it shouldn’t control.

Mosaico Protection

We don’t use plugins. The AI can’t touch your files, send emails, or make changes. It only gives suggestions — you stay in control.

AI Acting on Its Own

Some AI systems act like “agents” that make decisions or perform actions without permission.

Mosaico Protection

Our AI doesn’t make changes or take actions. It just gives suggestions — and you always decide what to do with them.

Relying on AI Without Questioning It

Teams might assume the AI is always right and stop thinking critically.

Mosaico Protection

We make it clear when content is AI-generated and give you full control to change or reject it. Mosaico helps — it doesn’t decide for you.

Stealing the AI or Its Data

Attackers might try to copy or extract the AI system itself or the information it learned.

Mosaico Protection

Our AI runs entirely within a secure system. No public access, no downloadable models, and no way for outsiders to copy it.

Where Mosaico's Knowledge Comes From

Mosaico’s AI is powered by real-world, business-ready content. We train only on verified materials — like HR guides, wellbeing frameworks, legal documents, and structured workflow templates — ensuring every suggestion is grounded in practical, trusted knowledge.

NZ legal data

Harmful Digital Communications Act 2015Employment Relations Act 2000Privacy Act 2020Unsolicited Electronic Messages Act 2007

Work practices

EmployerSelf-assessmentGuideWork-related wellbeing: What good looks like