AI Autofill on Questionnaires
Overview
Use AI autofill to have UpGuard suggest answers to uploaded questionnaires based on documents (evidence) you provide.
How it works:
- You receive a security questionnaire from a potential vendor.
- You upload the questionnaire to Trust Exchange and select which evidence you want UpGuard to use.
- UpGuard uses the selected evidence to suggest answers for the questionnaire.
- You review suggestions and accept, reject, or edit as you go.
- You save your responses and move even faster through the next questionnaire.
The result: you save time and vendors still get the answers they need.
Accepted source documents
AI autofill on Trust Exchange can reference content in the following document types:
- Excel
- Questionnaires completed in UpGuard
Not accepted:
- Image files (including images embedded in PDFs)
- Password-protected files (including PDFs)
🧠 Tailor source documents to the topics in the questionnaire. SOC 2 reports, information security policies, and past questionnaires are good defaults.
Run AI autofill
Import a questionnaire or open an existing questionnaire (Trust Exchange > Answer Questionnaires > select a questionnaire > edit answers). From the questionnaire responder (where you can input and edit answers):
- Click the Tools (hammer icon) at the bottom of the page.
- Click Run autofill.
- Select evidence. This is the evidence that UpGuard will be using to formulate answer suggestions. Only selected evidence is used.
  - Upload new documents using the upload field.
  - Click the checkmark next to existing documents to select those as sources.
- Adjust settings.
  - Autofill empty fields only: toggle this on to have AI autofill ignore any questions with existing answers and preserve answers you've already provided.
  - Apply persona: apply one of four default personas or create a custom persona. Read more about personas.
- Click Run autofill.
  - Autofill will begin drafting suggestions. You can navigate away from the page while it does this.
- Click Continue answering.
  - You’ll see where autofill has suggested answers along with a confidence rating for each suggestion. You can accept, reject, or edit each response. If you accept responses, you’ll see an AI icon designating that the response came from AI autofill, along with a link to the source used to reach that response.
- Click Submit when you’re ready to complete your questionnaire.
The sender is notified that your questionnaire has been submitted. If necessary, you can update your answers after submission and the recipient will be notified of any changes.
❗ Submitting with unreviewed suggestions accepts them all as-is.
Confidence ratings
Each AI-generated suggestion includes a confidence rating that indicates how strong the source data is for that suggestion. Use confidence ratings to prioritize your review, so you can move faster through high-confidence suggestions and spend more time on the ones that need closer attention.
There are three confidence ratings:
| Confidence rating | What it means |
|---|---|
| Exact match | AI Autofill has detected a question that is an exact match to a question on a source document. These suggestions are extremely high-confidence. Exact match has strict match requirements in place. To increase the chances of AI autofill parsing exact matches, use one source questionnaire (the same platform questionnaire as the one being answered). |
| Strong match | UpGuard found a direct match in your source data. These suggestions are high-confidence. |
| Needs review | AI Autofill produced a suggestion but the source match is less certain. Read the suggestion carefully before accepting, editing, or rejecting. |
🧠 Click Filter > Autofilled to filter the questionnaire to see only responses with AI autofill suggestions.
AI personas
Apply a persona or write a custom prompt to control how the AI generates responses. Custom prompts let you tailor the tone, format, and length of suggestions, and steer how the AI handles missing information.
Available personas
| Persona | Description |
|---|---|
| Security analyst | A no-fluff technical steward using formal, objective language and a bias towards industry-standard terminology. Responses are detailed and lengthy, prioritizing technical specs over marketing. Instead of apologizing for gaps, it proactively highlights compensating controls and roadmaps. |
| Sales engineer | A confident, persuasive advisor using punchy, accessible language that minimizes jargon. Responses are concise and high-impact, framing security as a customer benefit. Focuses on ease of adoption and frames technical facts as competitive advantages. |
| CISO | An authoritative executive voice focusing on strategic so-what outcomes. Responses are moderate in length, balancing technical posture with business enablement. Prioritizes regulatory alignment (SOC2, GDPR) and operational resilience over granular settings. |
| Default | A direct, professional, and neutral tone. Responses are standard in length and strictly written from a third person perspective (other personas will use third person language as needed). This is a strong baseline. |
| Custom | User-defined. Tone, language, and length are variable based on the specific prompt instructions you provide. |
Tips for using a custom persona
- Set the tone, format, or length of responses. Example: Keep responses extremely brief (max 2 sentences) in bulleted format. Use modern, casual but professional language that emphasizes our cloud-native agility and use of automated compliance tools.
- Prescribe language defaults. Example: Prioritize GDPR and CCPA terminology. Whenever data storage is mentioned, explicitly state that all data is encrypted at rest and in transit using industry-standard protocols.
- Create style guide choices. Example: Always reference specific document names (e.g., 'Refer to the Information Security Policy') when describing a control, and use a tone that is ready for a Big Four audit.
🎵 Custom prompts have a 5000 character limit.