Compliance Config

One-stop AI security compliance solution. Automatic sensitive information masking, real-time injection attack blocking, output content compliance review, one-click audit report export. Embed security compliance capabilities at the API gateway layer — AI apps get PII detection, prompt defense, content moderation, and full-link auditing without any code changes.

Overview

The compliance system is a built-in security module of the AI gateway, implementing real-time request/response detection and filtering at the gateway proxy layer. All AI requests go through the compliance check pipeline before being forwarded to LLMs. Responses returned by LLMs are also content-reviewed before reaching users. From input to output, from real-time blocking to post-hoc tracing, full-process AI security protection.

Core Capabilities

1. Sensitive Word Check

When enabled, the system automatically detects sensitive words in user input and AI responses. Matched words will be blocked or replaced to prevent inappropriate content from spreading. Supports custom sensitive word dictionaries with Excel batch import or individual addition.

  • Custom sensitive word management (add, edit, delete)
  • Excel template batch import for sensitive words
  • Export existing sensitive word dictionary to Excel
  • Bidirectional detection for both request and response

2. PII Privacy Masking

When enabled, the system automatically identifies and masks personal privacy information (PII) in conversations, including but not limited to: ID numbers, phone numbers, bank card numbers, email addresses, etc. Masked content is displayed in a desensitized form to protect user privacy.

  • Automatically identify multiple PII types
  • Desensitized display to keep sensitive data within the internal network
  • Masking completed before requests are sent to LLMs

3. Prompt Injection Blocking

When enabled, the system detects and blocks prompt injection attacks that attempt to bypass AI security restrictions. Such attacks typically use carefully crafted inputs to induce AI to perform unintended behaviors. Enabling this feature effectively improves system security.

  • Multiple built-in injection detection rules
  • Covers four major attack vectors: instruction override, leakage, encoding, and repetition
  • Real-time blocking before requests reach the model

4. Full-link Audit Logs

Records complete information for every AI call, meeting enterprise compliance audit and post-hoc tracing requirements. Logs are asynchronously written to Elasticsearch via Kafka without affecting request latency.

  • Full field recording: user, Key, model, Token usage, request/response content
  • Multi-dimensional search by time, user, model, keyword, etc.
  • Keyword highlighting in content
  • Persistent log storage to meet compliance retention requirements

5. Auto-generated Compliance Reports

One-click generation of compliance audit reports with statistical analysis of key metrics including Token usage rankings, model distribution, and time trends.

  • Summary cards: total Token, input/output Token, active users
  • Trend chart: dual-axis display of daily requests and Token usage
  • Model distribution: donut chart showing Token share by model
  • User Token ranking Top 10
  • Key Token ranking Top 10
  • One-click CSV export

Data Flow Architecture

The compliance check pipeline consists of five steps:

1.The user initiates an LLM call through an AI application. The Prompt enters the compliance detection pipeline via the gateway.
2.The PII detection module scans for sensitive information in the Prompt. The prompt injection defense module detects attack behavior. Requests are blocked or masked according to policy before being forwarded.
3.Requests that pass security checks are forwarded to the upstream LLM provider. The gateway handles key substitution and load balancing.
4.LLM responses go through the content moderation module. Matched sensitive words are blocked or replaced per policy, ensuring compliant output.
5.Complete request/response information is asynchronously written to Kafka and then to the audit log store. The compliance report module provides Token usage trends and ranking analysis.