Compliance Config
One-stop AI security compliance solution. Automatic sensitive information masking, real-time injection attack blocking, output content compliance review, one-click audit report export. Embed security compliance capabilities at the API gateway layer — AI apps get PII detection, prompt defense, content moderation, and full-link auditing without any code changes.
Overview
The compliance system is a built-in security module of the AI gateway, implementing real-time request/response detection and filtering at the gateway proxy layer. All AI requests go through the compliance check pipeline before being forwarded to LLMs. Responses returned by LLMs are also content-reviewed before reaching users. From input to output, from real-time blocking to post-hoc tracing, full-process AI security protection.
Core Capabilities
1. Sensitive Word Check
When enabled, the system automatically detects sensitive words in user input and AI responses. Matched words will be blocked or replaced to prevent inappropriate content from spreading. Supports custom sensitive word dictionaries with Excel batch import or individual addition.
- Custom sensitive word management (add, edit, delete)
- Excel template batch import for sensitive words
- Export existing sensitive word dictionary to Excel
- Bidirectional detection for both request and response
2. PII Privacy Masking
When enabled, the system automatically identifies and masks personal privacy information (PII) in conversations, including but not limited to: ID numbers, phone numbers, bank card numbers, email addresses, etc. Masked content is displayed in a desensitized form to protect user privacy.
- Automatically identify multiple PII types
- Desensitized display to keep sensitive data within the internal network
- Masking completed before requests are sent to LLMs
3. Prompt Injection Blocking
When enabled, the system detects and blocks prompt injection attacks that attempt to bypass AI security restrictions. Such attacks typically use carefully crafted inputs to induce AI to perform unintended behaviors. Enabling this feature effectively improves system security.
- Multiple built-in injection detection rules
- Covers four major attack vectors: instruction override, leakage, encoding, and repetition
- Real-time blocking before requests reach the model
4. Full-link Audit Logs
Records complete information for every AI call, meeting enterprise compliance audit and post-hoc tracing requirements. Logs are asynchronously written to Elasticsearch via Kafka without affecting request latency.
- Full field recording: user, Key, model, Token usage, request/response content
- Multi-dimensional search by time, user, model, keyword, etc.
- Keyword highlighting in content
- Persistent log storage to meet compliance retention requirements
5. Auto-generated Compliance Reports
One-click generation of compliance audit reports with statistical analysis of key metrics including Token usage rankings, model distribution, and time trends.
- Summary cards: total Token, input/output Token, active users
- Trend chart: dual-axis display of daily requests and Token usage
- Model distribution: donut chart showing Token share by model
- User Token ranking Top 10
- Key Token ranking Top 10
- One-click CSV export
Data Flow Architecture
The compliance check pipeline consists of five steps: