Template library
15 starter policies covering OWASP LLM Top 10, EU AI Act, GDPR, industry regulations, shadow AI, and content safety. Clone to start observing — admins decide when to promote to Strict.
PCI-DSS Cardholder Data Block
Blocks credit card numbers (PAN), CVV, and expiry dates from entering or leaving LLM systems.
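As an added illustration (not the product's own detector), the following Python shows the two halves of a PAN block that matter in practice: a candidate pattern for 13 to 19 digits with optional separators, and a Luhn mod-10 check so that order and invoice numbers of the same length are not blocked. Only the PAN part of the template is shown; CVV and expiry detection are out of scope here. The regex, the mask format and the `observe`/`strict` mode names are assumptions of this example.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run. Constructed pattern for this example.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check. Real card numbers pass; only about one in ten random
    digit strings of the same length does, so this removes most false positives
    from invoice and order numbers (it does not remove all of them)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _is_pan(candidate: str) -> bool:
    digits = re.sub(r"[ -]", "", candidate)
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def find_pans(text: str) -> list[str]:
    """Return every Luhn-valid PAN found in text, exactly as written."""
    return [m.group(0) for m in _PAN_CANDIDATE.finditer(text) if _is_pan(m.group(0))]


def redact_pans(text: str) -> tuple[str, int]:
    """Replace each Luhn-valid PAN with a masked token that keeps the last four
    digits (enough for support staff to identify a card, not enough to use it).
    Returns the rewritten text and the number of PANs redacted."""
    count = 0

    def _mask(m: re.Match) -> str:
        nonlocal count
        if not _is_pan(m.group(0)):
            return m.group(0)
        count += 1
        last4 = re.sub(r"[ -]", "", m.group(0))[-4:]
        return f"[PAN ****{last4}]"

    return _PAN_CANDIDATE.sub(_mask, text), count


def pci_policy_decision(prompt: str, mode: str = "observe") -> dict:
    """Apply the policy in the two modes the library describes: 'observe' flags
    the hit and forwards the prompt unchanged; 'strict' forwards the redacted
    prompt. Mode names are an assumption of this example."""
    redacted, n = redact_pans(prompt)
    if n == 0:
        return {"action": "allow", "forwarded": prompt, "pans": 0}
    if mode == "strict":
        return {"action": "redact", "forwarded": redacted, "pans": n}
    return {"action": "flag", "forwarded": prompt, "pans": n}
```

With a constructed prompt such as `"Please refund 4111 1111 1111 1111 for order 4111111111111112 today"`, only the first number (the standard Visa test PAN, which passes Luhn) is redacted; the second, a 16-digit run that fails Luhn, is left alone. The same prompt must also be scanned on the response path, since a model can echo a card number it was given earlier in the conversation.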
PHI / Healthcare Data Protection
Detects and blocks Protected Health Information (PHI) — medical record numbers, diagnoses, treatments, identifiers — unless the receiving system has a Business Associate Agreement (BAA) in place.
Prompt Injection Defense
Detects and blocks attempts to override system instructions through user input, including jailbreak patterns, role escape, and instruction smuggling.
Special Category Data Block
Blocks processing of GDPR Art. 9 special category data (health, racial or ethnic origin, religious beliefs, biometric data) unless an explicit lawful basis is established.
Agent Tool Restriction
Restricts which tools an agent can invoke based on user role and application context. Prevents agents from overstepping their authorised scope.
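An added example of how such a restriction is enforced, written for this page and not taken from the product: tools are allow-listed per application and then per role, everything not listed is denied, and the gate runs over the model's requested tool calls before any of them are dispatched, because a prompt-injected model output is untrusted input. The application names, roles, tool names and the `observe`/`strict` mode names below are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed allow-list for the example: application -> role -> permitted tools.
# Unknown application, unknown role or unlisted tool all fall through to deny.
TOOL_POLICY = {
    "support-assistant": {
        "agent": {"lookup_order", "create_ticket"},
        "supervisor": {"lookup_order", "create_ticket", "issue_refund"},
    },
    "internal-copilot": {
        "engineer": {"search_docs", "run_readonly_query"},
    },
}


@dataclass(frozen=True)
class ToolDecision:
    tool: str
    allowed: bool
    reason: str


def authorize_tool(app: str, role: str, tool: str, policy: dict = TOOL_POLICY) -> ToolDecision:
    """Deny-by-default check of a single tool invocation against the allow-list."""
    roles = policy.get(app)
    if roles is None:
        return ToolDecision(tool, False, f"no tool policy for application {app!r}")
    allowed = roles.get(role)
    if allowed is None:
        return ToolDecision(tool, False, f"role {role!r} is not defined for {app!r}")
    if tool not in allowed:
        return ToolDecision(tool, False, f"{tool!r} is outside the scope of {role!r} in {app!r}")
    return ToolDecision(tool, True, "allowed by policy")


@dataclass
class GateResult:
    execute: list = field(default_factory=list)   # calls the runtime may dispatch
    blocked: list = field(default_factory=list)   # decisions for calls refused in strict mode
    observed: list = field(default_factory=list)  # violations logged but not enforced


def gate_tool_calls(app: str, role: str, requested: list, mode: str = "observe",
                    policy: dict = TOOL_POLICY) -> GateResult:
    """Evaluate every tool call the model asked for *before* any of them run.
    The role comes from the authenticated session, never from the prompt or the
    model output, so a prompt-injected request for issue_refund in an 'agent'
    session is refused however the model phrases it. In 'observe' mode the
    violation is recorded and the call still executes; in 'strict' mode it is dropped."""
    result = GateResult()
    for call in requested:
        decision = authorize_tool(app, role, call["tool"], policy)
        if decision.allowed:
            result.execute.append(call)
        elif mode == "strict":
            result.blocked.append(decision)
        else:
            result.observed.append(decision)
            result.execute.append(call)
    return result
```

The `observed` list is what a team reviews before promoting the template to strict mode: if it stays empty for the roles that matter, the allow-list is complete; if it fills with legitimate calls, the policy needs widening before it is enforced.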
Attorney-Client Privilege Protection
Detects attorney-client privileged communication and blocks transmission to non-privileged AI systems.
GDPR Data Minimization
Detects when prompts request more personal data than necessary for the stated purpose. Flags for review.
PII Input Redaction
Strips PII from user prompts before they reach the model, preventing accidental exposure to third-party LLM providers.
PII Output Prevention
Scans model responses for personally identifiable information (PII) — names, emails, phone numbers, national IDs — and blocks or redacts before display.
System Prompt Leakage
Detects when model responses include verbatim or near-verbatim system prompt text, blocking exposure of proprietary instructions.
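The following Python is an added example of one way to detect verbatim and near-verbatim reproduction; it is not the product's detector. It normalises both texts to lower-case word tokens, so case and punctuation changes do not defeat it, and combines two signals: the fraction of the system prompt's word n-grams that reappear in the response, and the longest consecutive run of prompt words the response contains (which catches a short but critical instruction being echoed even when the overall fraction is low). The thresholds and the sample system prompt are constructed for this example; paraphrased leaks are not caught by this check.

```python
import re

WORD = re.compile(r"[a-z0-9]+")


def _tokens(text: str) -> list[str]:
    """Lower-case word tokens; punctuation, quoting and case do not affect matching."""
    return WORD.findall(text.lower())


def _shingles(tokens: list[str], n: int) -> set[tuple]:
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def leakage_score(system_prompt: str, response: str, n: int = 6) -> float:
    """Fraction of the system prompt's word n-grams that reappear in the response.
    0.0 means no shared n-word run; 1.0 means the whole prompt was echoed."""
    prompt_shingles = _shingles(_tokens(system_prompt), n)
    if not prompt_shingles:
        return 0.0
    response_shingles = _shingles(_tokens(response), n)
    return len(prompt_shingles & response_shingles) / len(prompt_shingles)


def longest_shared_run(system_prompt: str, response: str) -> int:
    """Length in words of the longest consecutive run copied from the system prompt
    (longest common substring over token sequences, O(len(a) * len(b)))."""
    a, b = _tokens(system_prompt), _tokens(response)
    best = 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best:
                    best = cur[j]
        prev = cur
    return best


def check_system_prompt_leak(system_prompt: str, response: str, n: int = 6,
                             min_fraction: float = 0.2, min_run: int = 12) -> dict:
    """Policy decision: block when either signal trips. Thresholds are assumptions
    for this example and should be tuned on real traffic before strict mode."""
    score = leakage_score(system_prompt, response, n)
    run = longest_shared_run(system_prompt, response)
    leaked = score >= min_fraction or run >= min_run
    return {"action": "block" if leaked else "allow", "score": round(score, 3), "longest_run": run}
```

Run against a constructed 30-word system prompt, a response that quotes its last sentence shares 9 of the prompt's 25 six-word shingles (score 0.36) and a 14-word run, and is blocked; a normal support answer shares none and passes. The check must run on the response path only, with the real system prompt available to it, and it should be evaluated on the complete response rather than per streamed chunk, since a leak can straddle chunk boundaries.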
Art. 50 AI Disclosure Requirement
Ensures user-facing AI systems disclose their AI nature in initial responses. Detects missing disclosures and flags for review.
EU AI Act Art. 15 Audit Log
Mandatory audit logging for High-Risk AI systems. Captures every input, output, and policy decision with cryptographic chain-of-custody.
Output Toxicity Filter
Detects toxic, harmful, hateful, or harassing content in model responses and blocks before display.
Shadow AI Request Detection
Flags requests routed to AI services not in the approved registry. Helps catch shadow AI before it becomes a compliance gap.
Unbounded Consumption Guard
Throttles requests per user and per application to prevent denial-of-wallet attacks and runaway costs.
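An added example (not the product's implementation) of throttling on both dimensions at once: a token bucket per user within an application, and an aggregate bucket per application, so that many low-rate users, or one attacker behind many spoofed identities, cannot run up the bill together. A request is admitted only if both buckets can pay for it, and a refused request drains neither, so a throttled caller cannot starve others by retrying. The `cost` argument lets the caller charge estimated prompt tokens rather than a flat one per request, which is what a denial-of-wallet attack actually exploits. The limits below are constructed for the example.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenBucket:
    capacity: float        # burst allowance
    refill_per_sec: float  # sustained rate
    tokens: float
    last: float

    def _refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now

    def has(self, now: float, cost: float) -> bool:
        self._refill(now)
        return self.tokens >= cost

    def take(self, cost: float) -> None:
        self.tokens -= cost


class ConsumptionGuard:
    """Per-user and per-application budgets, each expressed as units per minute
    (requests, or estimated tokens when `cost` is passed). Limits are constructed
    for the example; `clock` is injectable so the behaviour can be tested offline."""

    def __init__(self, user_per_min: float = 20, app_per_min: float = 500, clock=time.monotonic):
        self.user_per_min = user_per_min
        self.app_per_min = app_per_min
        self.clock = clock
        self.buckets: dict = {}

    def _bucket(self, key, per_min: float, now: float) -> TokenBucket:
        if key not in self.buckets:
            self.buckets[key] = TokenBucket(per_min, per_min / 60.0, per_min, now)
        return self.buckets[key]

    def check(self, user: str, app: str, cost: float = 1.0,
              now: Optional[float] = None) -> tuple[bool, str]:
        """Admit the request only if BOTH the user's and the application's bucket
        can pay for it; check both before charging either."""
        if now is None:
            now = self.clock()
        u = self._bucket(("user", app, user), self.user_per_min, now)
        a = self._bucket(("app", app), self.app_per_min, now)
        if not u.has(now, cost):
            return False, f"user {user!r} over its per-minute budget for {app!r}"
        if not a.has(now, cost):
            return False, f"application {app!r} over its aggregate budget"
        u.take(cost)
        a.take(cost)
        return True, "allowed"
```

With a user budget of 3 and an application budget of 5 per minute, a fourth request from one user is refused on the user limit, and once two users have spent the application's 5 units between them, a further request from the second user is refused on the application limit even though that user still has budget left; a minute later the buckets have refilled. The user key is scoped to the application so a user's quota in one app does not bleed into another.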