DBR Generative AI Limited General Availability (LGA)
Generative AI technologies—particularly large language models (LLMs)—are central to the capabilities of Data Breach Response (DBR) AI workflows. While these technologies are powerful, they also come with limitations. It’s important that you understand these limitations and use the product with appropriate care.
In general, we expect all DBR outputs to be reviewed by a human. Specifically, there are known risks that the AI may:
- Omit critical information, such as Personal Information (PI) or Protected Health Information (PHI).
- Incorrectly identify non-personal data as PI.
- Flag documents as containing PI when they do not—or fail to flag documents that do.
- Mislabel or miscategorize data.
- Fabricate PI that does not actually exist in the source document.
Although our testing has shown these behaviors to be rare, we cannot guarantee they will never occur. Therefore, human oversight remains essential.
Additional system limitations are outlined in more detail below.
Extracted text only
Currently, PI annotations are generated based solely on the extracted text from documents. This means that any information contained in metadata, images, or other non-text elements that are not visible in the extracted text will not be considered during annotation.
To ensure accurate processing, all unstructured documents ingested into the DBR tool must contain properly OCR-processed text.
Shared LLM resources
LLM services are integrated across various Relativity products within the operational geography/ RelOne instance. For optimal results, it is highly recommended to utilize a single AI-based tool at any given time.
Security and privacy
Azure OpenAI does not retain any data from the documents being analyzed. Data you submit for processing by Azure OpenAI is not retained beyond your organization’s instance, nor is it used to train any other generative AI models from Relativity, Microsoft, or any other third party. For more information, see the white paper A Focus on Security and Privacy in Relativity’s Approach to Generative AI.
Regional availability of Data Breach Response
The availability of Data Breach Response with GenAI varies by region.
The following table shows the regions in which Data Breach Response with GenAI is currently available:
Region | Current LLM Model |
|---|---|
United States | GPT-4.1 mini |
United Kingdom | GPT-4.1 mini |
France | GPT-4 Omni |
Germany | GPT-4 Omni |
Ireland | GPT-4 Omni |
Netherlands | GPT-4 Omni |
When using Relativity's AI technology, the selected customer data may be processed outside of your specific Geo location as specified below. Contact your Relativity Success Manager for further information.
Language support in Data Breach Response
Data Breach Response has been primarily tested on English-language documents, therefore accuracy is not guaranteed for other languages.
For the study used to evaluate Azure OpenAI's GPT-4 model across languages, see MEGAVERSE: Benchmarking Large Language Models Across Languages, Modalities, Models and Tasks on the arXiv website.
Data Breach Response does not support CJK characters.
Running Generative AI in Data Breach Response
To run Generative AI in Data Breach Response, you must reach out to your Relativity representative to turn on the feature within your instance.
- Before running the first ingestion job, navigate to Settings and toggle on GenAI in your workspace.
GenAI Mode can only be enabled for workspaces that have never run Data Breach Response before. Existing workspaces that have already started running jobs with Data Breach Response cannot be converted. - Select other settings as usual and Save.
- Proceed to Data Analysis as usual and start running the processes. Generative AI will run as part of the Unstructured Detection pipeline step. You will be able to see the estimated runtime for Data Analysis.

- There is a quota for how many unstructured docs can be run through GenAI. This quota is listed in the viewer and will be increased throughout the quarter. Existing document size and scale limitations for structured documents apply.
- You can continue to run custom detectors as usual. Customer detectors are not currently run through GenAI and therefore will not be autolinked to names as the GenAI detectors are.
- In the viewer you will notice a sparkle icon
for all GenAI generated entities on the Linked Entities panel.
You can directly edit linked entities and PI types.
Supported Personal Information detectors
Data Breach Response GenAI supports the following OOTB detectors:
| Detector Name | Default Status | Category |
|---|---|---|
| ABA Routing Number | Off | Financial |
| Address | On | Contact |
| Age | Off | Demographic |
| Bank Account Number | On | Financial |
| Credit Card Expiration Date | On | Financial |
| Credit Card Number | On | Financial |
| Credit Card Security Code | On | Financial |
| Date of Birth | On | Demographic |
| Date of Death | On | Patient |
| Driver License Number | On | North America |
| Email Address | On | Contact |
| International Bank Account Number | Off | Financial |
| Partial Credit Card Number | Off | Financial |
| Partial Date of Birth | Off | Demographic |
| Partial Social Security Number | On | Financial |
| Passport Number | On | Identification |
| Password | On | Security |
| Phone Number | On | Contact |
| PIN | Off | Security |
| Social Security Number | On | North America |
| UK Electoral Roll Number | Off | Europe, Middle East and Africa |
| UK National Health Service Number | On | Europe, Middle East and Africa |
| UK National Insurance Number | On | Europe, Middle East and Africa |
| UK Unique Taxpayer Reference | On | Europe, Middle East and Africa |
| US Individual Taxpayer ID Number | On | North America |