Prism-X Browser DLP
Control consumer AI usage with institutional-grade DLP.
Protect corporate data within third-party LLMs: automated PII redaction, real-time guardrail enforcement, and audit-ready reporting for browser-based AI interactions.
Rules that match what regulated data actually looks like in the wild
Pattern-based and contextual detection for PII, PHI, credentials, and confidential markers, with validators that reduce false positives and priority ordering that keeps outcomes explainable.
- Built-in catalog: credentials, financial, government, healthcare, legal
- Validators: Luhn (cards), ABA (routing), IBAN, VIN, format checks
- Column-header-aware scanning for CSV and XLSX uploads
- Priority-ordered evaluation with explainable outcomes
The problem
Regex alone over-fires on benign content and misses narrative PHI. Pure keyword rules miss obfuscated data, and cell-level scans miss the raw data export uploaded as a tabular file. DLP rules have to match what regulated data actually looks like in the wild.
Capabilities
What you get with Prism X
Built-in detection catalog
Credentials (AWS, GCP, Azure, Stripe, GitHub), financial data with Luhn validation, government identifiers, healthcare patterns (MRN, NPI), and legal / confidentiality markers.
Rule types
Domain allow / deny, file-type blocks, keyword match, regex / DLP patterns, and contextual detection for narrative-style sensitive content that pure regex misses.
File and spreadsheet awareness
CSV and XLSX uploads scanned for column headers: a column named 'SSN', 'DOB', 'MemberID', or 'PatientName' triggers escalation even if individual cell values don't match a regex.
Validated detectors
Luhn for credit cards, ABA for routing numbers, IBAN checksum, VIN, and area-number validation for SSN. Validators, not just regex, keep false positives low.
Priority and explainability
Rules evaluate in a defined priority order; the highest-priority disposition wins. Every decision is logged with rule ID, pattern category, and match location, so 'why was I blocked?' gets a clear answer.
Custom regex and tuning
Extend the catalog with domain-specific patterns for policy numbers, claim IDs, internal account formats. Tune detection thresholds per rule.
How it works
From instrumentation to evidence
1. Configure rule types
Operators compose policy from domain allow / deny, file-type blocks, keyword match, regex / DLP patterns, and contextual detection for narrative content.
2. Layer validators
Built-in detectors apply checksum and structural validation (Luhn for credit cards, SSN area-number validation) to reduce false positives.
3. Inspect files and headers
For CSV and XLSX uploads, Prism X reads column headers. A column named SSN, DOB, MemberID, or PatientName triggers escalation even when cells don't match a regex.
4. Resolve by priority
Rules evaluate in a defined priority order. When multiple rules match, the highest-priority disposition wins. Every decision is logged with rule ID and match location.
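The four steps above, sketched as an added Python example (not Prism X's code): regex rules gated by validators, a CSV header check, and highest-priority resolution with a loggable record per match. Rule IDs, priorities, dispositions and the header set are assumptions made for illustration, and only CSV is handled.

```python
import csv, io, re

def luhn_ok(digits):
    """Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_area_ok(m):
    # Area numbers 000, 666 and 900-999 are never issued.
    return m.group(1) not in ("000", "666") and m.group(1) < "900"

def card_ok(m):
    return luhn_ok(re.sub(r"\D", "", m.group()))

# Assumed rule set: (priority, rule_id, category, disposition, regex, validator)
RULES = [
    (100, "R-SSN", "government", "block",
     re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"), ssn_area_ok),
    (90, "R-CARD", "financial", "block",
     re.compile(r"\b(?:\d[ -]?){13,19}\b"), card_ok),
    (50, "R-PRIV", "legal", "warn",
     re.compile(r"ATTORNEY-CLIENT|PRIVILEGED"), None),
]
SENSITIVE_HEADERS = {"ssn", "dob", "memberid", "patientname"}  # from the page

def scan_text(text):
    """Return one record per regex match that also passes its validator."""
    return [{"priority": p, "rule_id": rid, "category": cat,
             "disposition": disp, "location": m.span()}
            for p, rid, cat, disp, rx, ok in RULES
            for m in rx.finditer(text) if ok is None or ok(m)]

def scan_csv(data):
    """Escalate on sensitive column names, then scan the cells as text."""
    header = next(csv.reader(io.StringIO(data)), [])
    hits = [{"priority": 80, "rule_id": "R-HEADER", "category": "file",
             "disposition": "escalate", "location": ("column", i)}
            for i, h in enumerate(header)
            if h.strip().lower() in SENSITIVE_HEADERS]
    return hits + scan_text(data)

def decide(hits):
    """Highest-priority match wins; the returned record is what gets logged."""
    return max(hits, key=lambda h: h["priority"]) if hits else {"disposition": "allow"}
```
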
What teams use it for
In production, every day
API key in a debugging prompt
An engineer pastes a stack trace containing an AWS access key into ChatGPT. Credential pattern detection matches and blocks the send.
Patient roster uploaded as CSV
An ops user uploads a CSV export with PatientName, MRN, and DOB columns. Header-aware file scanning escalates the upload regardless of cell content.
Privileged document content
A user pastes text containing ATTORNEY-CLIENT and PRIVILEGED markers. Keyword rules flag the content, and the user sees an explanatory overlay.
Rule types
Rules that operators can configure
| Rule type | What it does | Example |
|---|---|---|
| Domain allow / deny | Control which AI destinations are permitted | Allow chat.openai.com, block unvetted-ai-tool.com |
| File-type blocks | Prevent upload of specific file types | Block .csv and .xlsx uploads to AI tools |
| Keyword match | Flag or block content containing specific terms | Block prompts containing CONFIDENTIAL, ATTORNEY-CLIENT |
| Regex / DLP patterns | Detect structured sensitive data | SSN (XXX-XX-XXXX), credit cards, routing numbers |
| Contextual detection | Fuzzy matching for narrative-style sensitive content | PHI-like clinical narratives that pure regex misses |
Built-in detection catalog
Patterns that ship with Prism X
Credentials
API keys (AWS, GCP, Azure, Stripe, GitHub), tokens, connection strings, passwords.
Financial identifiers
Credit card numbers with Luhn validation, routing numbers, account numbers, SWIFT / BIC codes.
Government identifiers
SSN with area-number validation, tax IDs, passport numbers, driver's license patterns.
Health-care patterns
MRN formats, NPI numbers, member IDs, clinical terminology markers.
Legal and confidentiality
Privilege markers, NDA indicators, classification labels.
Priority and explainability
Every decision is logged with the rule ID, pattern category, and match location. When a user asks "why was I blocked?" and an auditor asks "what controls fired?", both get a clear answer.
Regulatory alignment
Built for Security, Compliance, IT
Related capabilities
Enterprise AI Extension Deployment: Intune, Google Admin, Jamf
Enterprise configuration via MDM: push policy keys, API endpoints, and trust material to managed browsers without touching individual machines.
DLP Coverage: ChatGPT, Claude, Gemini, Copilot
Prism X integrates with the browser-based AI tools your workforce already adopted: not a theoretical list, but the chat and upload surfaces people use daily.
AI Prompt Policy Engine: Signed, Versioned, Real-Time
Cryptographically signed policy with version lineage, real-time distribution, and tamper-resistant enforcement: 'we have a policy' means nothing without integrity guarantees.
Prism: AI Observability and Governance Platform
PRISMtrace is the observability and governance platform for teams running LLMs and AI agents in production. Capture traces, enforce guardrails, evaluate quality, and generate compliance evidence from one platform.