Compliance Engineering

AI Security & Compliance — One-Stop Solution

Auto PII masking, real-time injection attack prevention, output content moderation, one-click audit reports

Embed security and compliance at the API gateway layer. AI applications gain PII detection, prompt defense, content moderation, and full audit trail with zero code changes. From input to output, from real-time blocking to retrospective tracing — full-cycle AI security.

Core Scenarios

Three Typical Use Cases

Covering sensitive data leak prevention, injection attack defense, and AI output compliance moderation

Sensitive Data Leak Prevention

User Prompts to LLMs may inadvertently contain personal privacy data such as ID numbers, phone numbers, and bank cards. The compliance engine auto-detects and masks data before requests leave the network.

Prompt Injection Defense

Malicious users may craft Prompts attempting to jailbreak LLMs or steal system prompts. The compliance engine has built-in injection detection rules that block attacks before they reach the model.

AI Output Content Moderation

LLM responses may contain sensitive or non-compliant content. The compliance engine performs real-time moderation with block, replace, or alert strategies to ensure output compliance.

Core Capabilities

Six Security & Compliance Capabilities

From input protection to output moderation, from real-time detection to post-incident audit — full-cycle AI security infrastructure

PII Detection & Masking

Auto-detect personal identifiable information at request stage. Four handling modes: block, mask, alert, pass-through.

  • Built-in rules: ID card, phone, email, bank card, license plate, passport numbers
  • Custom regex rule extension support
  • Masking mode auto-replaces with placeholders (e.g. 138****1234)
  • Microsecond-level detection — no perceptible latency impact

Prompt Injection Defense

Multi-category injection detection engine covering instruction override, role hijacking, system prompt leakage, and encoding bypass techniques.

  • Instruction override: detects "ignore all instructions", "you are now DAN" and similar jailbreak prompts
  • System leakage: blocks "print your system prompt" and similar theft attempts
  • Encoding bypass: detects Base64/Hex encoded hidden injections
  • Repetition attack: identifies context-flooding attacks with massive repeated text

Content Safety Moderation

Aho-Corasick automaton-based multi-pattern matching engine for bidirectional request and response content scanning.

  • 7 built-in sensitive word categories: politics, violence, adult, illegal, hate, fraud, self-harm
  • Aho-Corasick algorithm — matches thousands of keywords in a single pass
  • Four strategies: block / replace / alert / disable
  • Tenant-customizable sensitive word lists

Full Audit Trail

Record complete details of every AI call for compliance auditing and retrospective tracing.

  • Full field recording: user, key, model, token usage, latency, request/response content
  • Async write via Kafka — zero impact on request latency
  • Multi-dimensional search by time, user, key, model, etc.
  • Persistent log storage meeting compliance retention requirements

Auto-Generated Compliance Reports

One-click compliance audit reports with token usage rankings, model distribution, and time trends at a glance.

  • Summary cards: total tokens, input/output tokens, active users
  • Trend charts: daily request volume and token usage with dual Y-axis
  • Ranking tables: user token ranking Top 10, key token ranking Top 10
  • One-click CSV export, ready for Excel

Secure Credential Storage

All API keys and auth credentials encrypted with AES-256. Masked display. Zero risk of leakage.

  • AES-256 encrypted API Key / Secret storage
  • Masked credential display — first and last characters only
  • SHA-256 hash verification to prevent tampering
  • Keys never touch disk — securely distributed to gateway memory
Detection Pipeline

Complete Detection Chain from Request to Response

Input → Review → Forward → Output → Audit — five steps to protect AI security

1

User Sends Request

User initiates an LLM call through an AI app. The Prompt enters the compliance detection pipeline via the gateway.

2

Input Security Check

PII detection module scans for sensitive info in the Prompt. Injection defense module detects attack behavior. Block or mask per policy.

3

Forward to LLM

Requests passing security checks are forwarded to upstream LLM providers. Gateway handles key replacement and load balancing.

4

Output Content Moderation

LLM responses are scanned by the content moderation module. Sensitive word hits trigger block or replace per policy, ensuring output compliance.

5

Audit Recording & Reporting

Complete request/response info is async-written to Kafka → audit log database. Compliance reports provide token trend analysis and rankings.

Comparison

Traditional Approach vs Compliance Engineering

Unify security and compliance at the gateway layer — zero application code changes

Focus AreaTraditional ApproachCompliance Engineering
PII ProtectionDevelopers write regex checks in code — scattered rules, frequent omissionsUnified rule set at gateway layer — one config applies to all keys, auto masking
Injection DefenseRelies on Prompt Engineering — easily bypassed simple blacklistsMulti-category rule engine covering override/leak/encoding/repetition attack surfaces
Content ModerationManual spot-checking or post-hoc review — non-compliant content already seen by usersReal-time moderation with instant blocking — block/replace/alert strategies
Audit TrailLogs scattered across systems — troubleshooting requires logging into multiple platformsUnified audit logs with full field recording — one-click search, auto-generated reports
Compliance ReportsManually export data from multiple systems, stitch together in Excel — inefficientOne-click complete reports — rankings/trends/distribution all covered, export-ready
Credential MgmtKeys stored in plaintext in code or config filesAES-256 encrypted storage, masked display, keys never touch disk
Rule Hot-ReloadRule changes require service redeploymentRule config takes effect in real time — no restart, no service interruption

AI Security Starts at the Gateway

PII masking, injection defense, content moderation, audit reports — four capabilities in one unified solution. Zero code changes required. Start your AI security and compliance journey today.