Prism-X Browser DLP
Control consumer AI usage with institutional-grade DLP.
Protect corporate data within third-party LLMs: automated PII redaction, real-time guardrail enforcement, and audit-ready reporting for browser-based AI interactions.
Prism X
Policy you can trust, version, and prove
Cryptographically signed policy with version lineage, real-time distribution, and tamper-resistant enforcement: 'we have a policy' means nothing without integrity guarantees.
- Ed25519-signed policy verified on every poll
- 30-second propagation, force-push for urgent rollouts
- Version lineage: who, when, what changed, version number
- Last-known-good fallback on signature verification failure
The problem
"We have a policy" means nothing without integrity guarantees. A policy that can be tampered with in transit, silently rolled back, or applied without an audit trail fails the moment regulators ask who changed what and when.
Capabilities
What you get with Prism X
Signed distribution
Every policy document delivered to the extension is cryptographically signed by your tenant. The extension verifies the signature before applying rules.
Last-known-good fallback
If signature verification fails due to network tampering, CDN compromise, or misconfiguration, the extension falls back to the last verified policy rather than accepting unverified rules or going unprotected.
Version lineage
Every policy version records who created or modified it, when, what changed (rules added, modified, removed), and a monotonic version number. Queryable history for your change advisory board.
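The verify-then-apply behaviour described above, sketched as an added example for Node.js; it is not Prism X code. The policy shape, the `PolicyStore` class, the outcome names and the rollback check against the monotonic version number are assumptions, and the key pair and policies are constructed.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed tenant key pair; a real extension holds only the public key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");

// Sign the exact bytes that are delivered, so the verifier never re-serializes.
function signPolicy(policy) {
  const payload = Buffer.from(JSON.stringify(policy), "utf8");
  return { payload, signature: nodeCrypto.sign(null, payload, privateKey) };
}

class PolicyStore {
  constructor(tenantPublicKey) {
    this.tenantPublicKey = tenantPublicKey;
    this.active = null; // last verified policy (last-known-good)
  }

  // Run on every poll; this.active changes only when the outcome is "applied".
  poll({ payload, signature }) {
    let valid = false;
    try {
      valid = nodeCrypto.verify(null, payload, this.tenantPublicKey, signature);
    } catch {
      valid = false; // malformed signature input counts as a failure
    }
    if (!valid) return this.fallback("bad-signature");

    const policy = JSON.parse(payload.toString("utf8")); // parse only verified bytes
    // Assumed rollback check: an older, validly signed policy is not re-applied.
    if (this.active && policy.version < this.active.version) return this.fallback("rollback");
    this.active = policy;
    return { outcome: "applied", reason: null, version: policy.version };
  }

  fallback(reason) {
    return { outcome: "fallback", reason, version: this.active ? this.active.version : null };
  }
}

function demo() {
  const store = new PolicyStore(publicKey);
  const v7 = signPolicy({ version: 7, rules: ["ssn-block"] });
  const v8 = signPolicy({ version: 8, rules: ["ssn-block", "api-key-block"] });
  // Constructed tampering: payload altered in transit, signature left as issued.
  const tampered = { ...v8, payload: Buffer.from(v8.payload.toString().replace("api-key-block", "allow-all")) };
  const v6 = signPolicy({ version: 6, rules: [] });
  return [v7, tampered, v6, v8].map((doc) => store.poll(doc));
}
```

`demo()` returns one result per poll: version 7 is applied, the tampered payload and the older version 6 both leave version 7 active, and the genuine version 8 is then applied.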
Real-time distribution
Scheduled refresh keeps endpoints current. Push-style signals propagate urgent changes (new credential pattern, emergency block) in minutes. No manual repackaging.
Rule evaluation flow
User send → policy engine evaluates content against active rules in priority order → first matching disposition applies (Allow / Warn / Block / Redact) → decision logged as a structured event.
Operator announcements
Policy can carry human-readable announcements: 'New PHI rules active Monday,' 'Use approved tool for contract review.' Users see them in-browser, no separate email needed.
How it works
From instrumentation to evidence
1. Sign every policy
Every policy document delivered to the browser extension is cryptographically signed by your tenant. The extension verifies the signature before applying rules.
2. Record version lineage
Each version captures who created or modified it, when, what changed (rules added, modified, removed), and an ascending version number.
3. Distribute in real time
Scheduled refresh keeps enrolled devices current; push-style signals propagate urgent changes in minutes. Policy is data, not code.
4. Evaluate at send
On a send action, the engine evaluates content against all active rules in priority order. The first matching rule's disposition applies: allow, warn, block, or redact.
5. Log the decision
Each decision becomes a structured event with rule ID, pattern category, match details, disposition, and the exact policy version that produced it.
What teams use it for
In production, every day
Tampered policy in transit
A CDN compromise alters the policy payload. Signature verification fails, and the extension falls back to the last known good policy rather than accepting unverified rules.
Emergency block
Security publishes a new credential pattern after a vendor key leak. Push-style distribution reaches endpoints within minutes instead of waiting for a packaging cycle.
Operator announcement
Policy carries an in-browser note: "New PHI detection rules active as of Monday." Users see the change without IT sending another email nobody reads.
Trust model
How signed policy holds up
Cryptographic signature
Tenant-signed policy is verified by the extension before rules are applied. Misconfiguration or tampering triggers fallback, not silent acceptance.
Version lineage
Who, when, what changed, and an ascending version sequence give change advisory boards and auditors a queryable history of policy evolution.
Real-time distribution
Scheduled refresh plus push-style signals keep fleets current without repackaging the extension for rule changes.
Operator announcements
Human-readable notes ride alongside policy so users see context in-browser at the moment of enforcement.
Rule evaluation flow
From keystroke to decision
- User types or pastes content into a supported AI chat surface.
- On send action, the engine evaluates content against all active rules in priority order.
- First matching rule's disposition applies: allow, warn (overlay, let user proceed), block (overlay, prevent send), or redact (replace sensitive spans, allow modified version).
- Decision is logged as a structured event with rule ID, pattern category, match details, and disposition.
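The evaluation flow above as an added example; it is not Prism X code. The rule IDs, patterns, priority convention (lower number evaluated first), event field names and the choice to log match offsets instead of matched text are all assumptions, and the policy is constructed.

```javascript
// Constructed policy; rule IDs, categories and patterns are hypothetical.
const POLICY = {
  version: 42,
  rules: [
    { id: "R-confidential", priority: 30, category: "marker.confidential",
      disposition: "warn", pattern: /\bconfidential\b/gi },
    { id: "R-ssn", priority: 10, category: "pii.ssn",
      disposition: "block", pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
    { id: "R-email", priority: 20, category: "pii.email",
      disposition: "redact", pattern: /\b[\w.+-]+@[\w-]+\.[\w.]+\b/g },
  ],
};

// Evaluate one send action. Returns the text allowed to leave the browser
// (null when blocked) and the structured event to log.
function evaluateSend(content, policy) {
  // Assumption: lower priority number is evaluated first.
  const ordered = [...policy.rules].sort((a, b) => a.priority - b.priority);
  for (const rule of ordered) {
    const matches = [...content.matchAll(rule.pattern)];
    if (matches.length === 0) continue;

    // First matching rule decides; later rules are not consulted.
    let outgoing = content; // "warn" shows an overlay but lets the text through
    if (rule.disposition === "block") outgoing = null;
    if (rule.disposition === "redact") {
      outgoing = content.replace(rule.pattern, `[REDACTED:${rule.category}]`);
    }
    return {
      outgoing,
      event: {
        ruleId: rule.id,
        category: rule.category,
        disposition: rule.disposition,
        // Offsets and lengths only, so the audit log does not hold the sensitive value.
        matches: matches.map((m) => ({ offset: m.index, length: m[0].length })),
        policyVersion: policy.version,
      },
    };
  }
  // No rule matched: allow, and still record which policy version decided.
  return {
    outgoing: content,
    event: { ruleId: null, category: null, disposition: "allow",
             matches: [], policyVersion: policy.version },
  };
}
```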
Built for Security, IT
Related capabilities
AI DLP: Data Loss Prevention Rules for ChatGPT, Claude, Gemini
Pattern-based and contextual detection for PII, PHI, credentials, and confidential markers, with validators that reduce false positives and priority ordering that keeps outcomes explainable.
Enterprise AI Extension Deployment: Intune, Google Admin, Jamf
Enterprise configuration via MDM: push policy keys, API endpoints, and trust material to managed browsers without touching individual machines.
DLP Coverage: ChatGPT, Claude, Gemini, Copilot
Prism X integrates with the browser-based AI tools your workforce already adopted: not a theoretical list, but the chat and upload surfaces people use daily.
Prism: AI Observability and Governance Platform
PRISMtrace is the observability and governance platform for teams running LLMs and AI agents in production. Capture traces, enforce guardrails, evaluate quality, and generate compliance evidence from one platform.