AIO Tests Rovo Assistant Security: What QA Teams Should Know

May 13, 2026
Quick Summary

AI test case generation improves speed and coverage, but it also raises important security questions for Jira teams. This blog explains how AIO Tests Rovo Assistant handles data processing, permissions, and AI model usage within Atlassian Rovo AI, and what remains fully under your control.

AI test case generation is no longer experimental. Teams are already using it to reduce manual effort and improve coverage.

But adoption slows down at one point: security.

Not because teams don’t understand AI, but because they don’t know what happens to their Jira data once AI is involved.

If you’re evaluating an AI test case generator inside Jira, the real questions are:

  • Does it expose our data?
  • Is it used to train models?
  • Does it operate beyond our control?

Many tools don’t provide clear answers.

AIO Tests Rovo Assistant is designed differently, with a controlled, transparent approach that keeps your data within defined boundaries.

Why Security Matters in AI Test Case Generation

Jira is more than a bug tracker—it contains critical product and business information, including:

  • Acceptance criteria
  • Edge cases
  • User flows and business logic
  • References to internal or sensitive systems

AI tools need to process this data to generate test cases. That makes data handling and access control a key concern for QA and engineering teams—especially in regulated environments. 

Why Most AI Testing Tools Raise Concerns 

Many AI testing tools introduce risk because they:

  • Send Jira data to external systems without clear visibility
  • Retain or reuse customer data for model training
  • Provide limited transparency into how data is processed

For teams working with sensitive or proprietary data, this lack of control becomes a major blocker to adoption. 

How AIO Tests Rovo Assistant Handles Your Data

  • Data Processing and Infrastructure

AIO Tests Rovo Assistant operates entirely within the Atlassian ecosystem and does not introduce any external data stores or processing layers. All data processing happens within Atlassian’s cloud infrastructure, ensuring it stays within Atlassian’s security framework.

The assistant only accesses data visible to the user within Jira, meaning sensitive information remains within existing permissions. It performs no background operations, and no changes are made in Jira without explicit user approval.

  • Use of AI Models and Sub-processors

AIO Tests Rovo Assistant uses Atlassian Rovo AI to generate test case suggestions. No external third-party AI providers are directly involved in processing your data.

Rovo AI may use underlying foundation models from approved sub-processors. However, these providers are contractually restricted from retaining, reusing, or training on customer data beyond generating the requested output.

  • No Data Used for Training

Rovo AI does not use your data to fine-tune or train models.

Your data is not reused for product improvement or system upgrades. Atlassian’s approved third-party providers are also contractually restricted from retaining, reusing, or training on customer data for any purpose outside of generating test case suggestions.

What Data the Assistant Can Access

To generate relevant test cases, the assistant can access some Jira data, while other data stays off limits:

Accessible Data:

  • Jira issue fields (such as summary, description, status, priority)
  • Project-level information
  • Linked issues, where relevant

Restricted Data:

  • Attachments
  • Data outside the user’s permissions
  • Data from other Jira tenants

If sensitive information exists in an issue, it may appear in generated test cases—so teams should apply appropriate data governance practices.

How Permissions and Access Are Enforced

AIO Tests Rovo Assistant strictly follows Jira’s permission model, meaning it can only access the data that the invoking user is authorized to view. 

  • Cross-project access is limited by the user's existing roles and permissions.
  • Cross-tenant isolation is enforced by the Atlassian Forge platform, meaning data cannot be accessed across Jira tenants.

This user-level permission enforcement guarantees that only authorized users and systems can interact with sensitive data.

Security Measures and Compliance

Data protection is enforced through:

  • Encryption in transit
  • Encryption at rest
  • Secure isolation via Atlassian Cloud and Forge

AIO Tests is also ISO 27001 certified, supporting teams with strict compliance requirements. 

What the Assistant Can and Cannot Do

It’s critical to understand what AIO Tests Rovo Assistant can and cannot do in order to assess the level of risk it introduces to your workflow.

What It Can Do:

  • Read the Jira issue context 
  • Generate AI-based test case suggestions
  • Present suggestions for user review

What It Cannot Do:

  • Create, update, or delete Jira issues
  • Perform background actions
  • Take any action without explicit confirmation

This makes it a user-driven, read-only assistant, not an autonomous system. Auditability is built in, with chat interactions logged by Atlassian, though no full transcripts are stored.

Human Review and Control

One of the most important elements of the AIO Tests Rovo Assistant is the human review step.

Before any AI-generated test case is saved in AIO Tests:

  • The user must review the output
  • Test cases are only saved after explicit confirmation
  • No automation happens behind the scenes

This ensures full control over what’s saved, protecting your workflow from unexpected changes or data mishandling.

Control and Deactivation

The assistant is optional and fully controllable:

  • Can be disabled at project or instance level
  • Can be uninstalled at any time
  • Existing test cases remain unaffected

This allows teams to align AI usage with internal security policies. 

Conclusion

AIO Tests Rovo Assistant follows a controlled and transparent security model.

It:

  • Keeps data within Atlassian’s ecosystem
  • Does not use customer data for training
  • Respects Jira permissions
  • Requires user approval before saving any data

This approach gives teams clear boundaries and control—without sacrificing the benefits of AI-powered test case generation.

For teams evaluating AI in Jira, it provides a secure and manageable way to integrate AI into existing workflows. 

FAQs

  1. Does AIO Tests Rovo Assistant store Jira data?

No. It does not retain data beyond the active session. Data is stored only when users choose to save test cases in AIO Tests.

  2. Is data used to train Atlassian Rovo AI?

No. Data is not used for training or model improvement. Providers cannot retain or reuse it.

  3. Does the assistant respect Jira permissions?

Yes. It only accesses data visible to the invoking user.

  4. How long are generated test cases stored?

Unsaved cases are deleted after 14 days. Saved cases remain in AIO Tests and are removed 60 days after the subscription ends.

  5. Are AI actions logged?

Chat activity is logged by Atlassian, but transcripts are not stored. The assistant does not perform write actions.

  6. Can the assistant be disabled?

Yes. It can be uninstalled or disabled without affecting existing test cases.