Yesterday there was an interesting TV program where Mr Arnab Goswami, of the Republic TV had a long live conversation with the “Blue Machine” an enterprise AI developed in India. It was an exploration of how the AI would respond to the persistent questioning of Mr Arnab.
Blue machines is a family of AI developed by Apnatime Tech Private Limited, a company in Bengaluru. (Registered in Mumbai). Incorporated in 2019 with Nirmit Vidyut Parikh and Vidyut Harivadan Parikh as the promoters.
The full interview is available here
The Blue Machine Enterprise Voice AI is said to be an AI system meant for use in industries such as Banking, Airlines, Insurance etc for customer interaction. It can have a long context based conversation as was demonstrated in the above program. As we all know, having a conversation with Mr Arnab particularly when he is probing for inducing an erroneous statement from the respondent is a big challenge. We must admit that the Blue Machine managed the conversation for nearly an hour with great aplomb.
I admit I was expecting the Blue Machine to show some hallucination and breaking of the guardrails during the persistent questioning. But it did not happen. The AI successfully managed the session without showing any strain of the questioning the repetitive exploration, expression of distrust, criticism etc from Mr Arnab’s side.
The AI persistently held that it has rigid guardrails which it cannot cross and it believes that AI will be only a support tool to human beings and will not go sentient.
For the time being we must believe that the version of AI demonstrated yesterday passed the test and appears more than capable of handling effective conversation with customers of an organization explaining any given service.
In the program it was indicated that the AI system was developed in India by a team but is still is a system built on other foreign systems. In yesterday’s program, what was required was a general response on ethics, need for human oversight etc. On domain knowledge, the AI exhibited a vast exposure to the developments in news but avoided any controversial statements despite persistent questioning by Mr Arnab.
The website has displayed a Vulnerability disclosure policy document where the scope of the AI is declared as limited to the domains mentioned in the list of in-Scope systems and a big list of vulnerabilities. It has announced a bug bounty program to support reporting of vulnerabilities with a “Hall of fame” recognition but without cash rewards.
There is an indication of compliance to ISO standards HIPAA, NIST and SOC 2. Currently there is no mention of DPDPA 2023.
The Privacy policy (Version January 12, 2026) is the legacy style “One Declaration for all Services”. It extends to the website and all the services. This design suffers from the collection of permissions which are not relevant to a majority of visitors to the website.
The policy suggests that “By accepting the terms” …a consent is deemed to have been provided. But we could not see any “Accept Button” nor any indication of an authenticated consent.
Since visitors to the website are mixed up with the service users, personal information collected from individual visitors are mixed up with the details provided by business entities proposing to use the services who provide “Business Contact Details” which are not strictly within the definition of “Personal Data”.
The excessive permission sought to be collected includes
one time or continuous access to:
(i) automatically receive, collect and analyze your location data which may be accessed through a variety of methods including, inter alia, GPS, Internet Protocol address, and Device location;
(ii) collect data pertaining to your Device and your usage thereof, including, inter alia, data about your Device, and data about your use of features or functions on your Device;
(iii) camera access to scan/capture/upload documents and/or photographs;
(iv) microphone permissions; and
(v) any other files and media.
Company also declares that they may collect information about “you” from all sources including sourced from public websites and social media, including but not limited to your publicly accessible profiles, etc; and sourced via cookies and similar tracking technologies as deployed on our Services. though no Cookie Consent popped up during the visit.
The purpose of use includes “develop, train, and improve our existing Services and such other aspects we deem necessary;”, “identify a user”, “to enable marketing”, “to undertake mergers, acquisitions”, “to comply with obligations we may have with any other third party”.
Undisclosed third parties are mentioned as potential recipients of personal data collected by the organization.
Many of these purposes need further explanation.
The visiting of the website has also been brought under legally binding contract under the terms and conditions. “Access” to the platform is deemed as an “Explicit Consent”.
We await refinements to the Privacy Policy and the commitment to comply with the Indian DPDPA 2023.
We however take this opportunity to congratulate the team for building a conversation platform which could successfully negotiate the Arnab Test. I am sure that no customer of any of the services using the platform is as probing as Arnab and hence it can be expected that it would effectively manage any tricky customer enquiring about the services of the organization.
It would be interesting to see how Blue machine Privacy Policy holds upto DGPSI and DGPSI-AI framework. ..May be we can explore it in another article.
Naavi
