AI Security & Compliance — One-Stop Solution
Auto PII masking, real-time injection attack prevention, output content moderation, one-click audit reports
Embed security and compliance at the API gateway layer. AI applications gain PII detection, prompt defense, content moderation, and full audit trail with zero code changes. From input to output, from real-time blocking to retrospective tracing — full-cycle AI security.
Three Typical Use Cases
Covering sensitive data leak prevention, injection attack defense, and AI output compliance moderation
Sensitive Data Leak Prevention
User Prompts to LLMs may inadvertently contain personal privacy data such as ID numbers, phone numbers, and bank cards. The compliance engine auto-detects and masks data before requests leave the network.
Prompt Injection Defense
Malicious users may craft Prompts attempting to jailbreak LLMs or steal system prompts. The compliance engine has built-in injection detection rules that block attacks before they reach the model.
AI Output Content Moderation
LLM responses may contain sensitive or non-compliant content. The compliance engine performs real-time moderation with block, replace, or alert strategies to ensure output compliance.
Six Security & Compliance Capabilities
From input protection to output moderation, from real-time detection to post-incident audit — full-cycle AI security infrastructure
PII Detection & Masking
Auto-detect personal identifiable information at request stage. Four handling modes: block, mask, alert, pass-through.
- Built-in rules: ID card, phone, email, bank card, license plate, passport numbers
- Custom regex rule extension support
- Masking mode auto-replaces with placeholders (e.g. 138****1234)
- Microsecond-level detection — no perceptible latency impact
Prompt Injection Defense
Multi-category injection detection engine covering instruction override, role hijacking, system prompt leakage, and encoding bypass techniques.
- Instruction override: detects "ignore all instructions", "you are now DAN" and similar jailbreak prompts
- System leakage: blocks "print your system prompt" and similar theft attempts
- Encoding bypass: detects Base64/Hex encoded hidden injections
- Repetition attack: identifies context-flooding attacks with massive repeated text
Content Safety Moderation
Aho-Corasick automaton-based multi-pattern matching engine for bidirectional request and response content scanning.
- 7 built-in sensitive word categories: politics, violence, adult, illegal, hate, fraud, self-harm
- Aho-Corasick algorithm — matches thousands of keywords in a single pass
- Four strategies: block / replace / alert / disable
- Tenant-customizable sensitive word lists
Full Audit Trail
Record complete details of every AI call for compliance auditing and retrospective tracing.
- Full field recording: user, key, model, token usage, latency, request/response content
- Async write via Kafka — zero impact on request latency
- Multi-dimensional search by time, user, key, model, etc.
- Persistent log storage meeting compliance retention requirements
Auto-Generated Compliance Reports
One-click compliance audit reports with token usage rankings, model distribution, and time trends at a glance.
- Summary cards: total tokens, input/output tokens, active users
- Trend charts: daily request volume and token usage with dual Y-axis
- Ranking tables: user token ranking Top 10, key token ranking Top 10
- One-click CSV export, ready for Excel
Secure Credential Storage
All API keys and auth credentials encrypted with AES-256. Masked display. Zero risk of leakage.
- AES-256 encrypted API Key / Secret storage
- Masked credential display — first and last characters only
- SHA-256 hash verification to prevent tampering
- Keys never touch disk — securely distributed to gateway memory
Complete Detection Chain from Request to Response
Input → Review → Forward → Output → Audit — five steps to protect AI security
User Sends Request
User initiates an LLM call through an AI app. The Prompt enters the compliance detection pipeline via the gateway.
Input Security Check
PII detection module scans for sensitive info in the Prompt. Injection defense module detects attack behavior. Block or mask per policy.
Forward to LLM
Requests passing security checks are forwarded to upstream LLM providers. Gateway handles key replacement and load balancing.
Output Content Moderation
LLM responses are scanned by the content moderation module. Sensitive word hits trigger block or replace per policy, ensuring output compliance.
Audit Recording & Reporting
Complete request/response info is async-written to Kafka → audit log database. Compliance reports provide token trend analysis and rankings.
Traditional Approach vs Compliance Engineering
Unify security and compliance at the gateway layer — zero application code changes
| Focus Area | Traditional Approach | Compliance Engineering |
|---|---|---|
| PII Protection | Developers write regex checks in code — scattered rules, frequent omissions | Unified rule set at gateway layer — one config applies to all keys, auto masking |
| Injection Defense | Relies on Prompt Engineering — easily bypassed simple blacklists | Multi-category rule engine covering override/leak/encoding/repetition attack surfaces |
| Content Moderation | Manual spot-checking or post-hoc review — non-compliant content already seen by users | Real-time moderation with instant blocking — block/replace/alert strategies |
| Audit Trail | Logs scattered across systems — troubleshooting requires logging into multiple platforms | Unified audit logs with full field recording — one-click search, auto-generated reports |
| Compliance Reports | Manually export data from multiple systems, stitch together in Excel — inefficient | One-click complete reports — rankings/trends/distribution all covered, export-ready |
| Credential Mgmt | Keys stored in plaintext in code or config files | AES-256 encrypted storage, masked display, keys never touch disk |
| Rule Hot-Reload | Rule changes require service redeployment | Rule config takes effect in real time — no restart, no service interruption |
AI Security Starts at the Gateway
PII masking, injection defense, content moderation, audit reports — four capabilities in one unified solution. Zero code changes required. Start your AI security and compliance journey today.