Prism AI Observability
AI observability built for compliance teams.
Every LLM call captured, scored, and stored with PII scrubbed before it lands in your database. Regulator-ready exports in under 60 seconds.
Stop sensitive data and unsafe content before it reaches users, or leaves your system
Real-time detection and enforcement for PII, PHI, prompt injection, content policy violations, and off-topic responses, scoped per agent, per project, per knowledge base.
- Inbound scanning: prompts evaluated before reaching the model
- Outbound scanning: responses evaluated before reaching the user
- Four actions per rule: Allow, Flag, Block, Redact
- Six detection categories with format and checksum validation
The problem
LLMs do not know your data classification policy. A customer pastes a Social Security number into a support chat. An agent hallucinates a real patient name from training data. A prompt injection tricks your bot into revealing system instructions. Without guardrails, these failures are silent until they are not.
Capabilities
What you get with Prism
Government identifiers
SSN, tax IDs, passport numbers, driver's license. Format and checksum validation where applicable.
Financial data
Credit card numbers (Luhn-validated), routing numbers, account numbers, SWIFT and IBAN codes.
Health identifiers
MRN, member IDs, NPI numbers. Format-aware patterns calibrated for clinical data.
Credentials
API keys, tokens, connection strings, passwords. Provider-specific patterns for AWS, GCP, Azure, Stripe, GitHub.
Legal and content safety
Attorney-client privilege markers, NDA-tagged content, and classifier-based detection of policy-violating content.
Scoping and priority
Rules scope to specific agents, projects, or knowledge bases. Priority ordering keeps outcomes explainable when multiple rules match.
How it works
From instrumentation to evidence
1. Inbound scanning: Prompts from users are evaluated before reaching the model. PII is detected, injection patterns are flagged, and off-topic requests are caught early.
2. Outbound scanning: Model responses are evaluated before delivery to users. Sensitive data leakage, policy violations, and content issues are caught before the user sees them.
3. Choose an action outcome: Each rule specifies allow, flag (log and continue), block (halt delivery), or redact (replace sensitive spans with category placeholders), so operators choose the friction level per category.
4. Scope and tune per surface: Scope rules to specific agents, projects, or knowledge-base topics. Tune detection thresholds and add custom regex for domain-specific identifiers.
What teams use it for
In production, every day
Customer-facing chatbots
Strict PII enforcement on consumer surfaces blocks SSNs, account numbers, and credentials before they leave the system.
Internal research tools
Lighter-touch scoping lets internal users work with sensitive data while still logging redactions for audit.
Regulated workflows
Priority ordering produces predictable outcomes when multiple rules match, so operators can explain exactly why an interaction was blocked.
Detection catalog
Built-in detection categories with validation
| Category | Examples | Validation |
|---|---|---|
| Government identifiers | SSN, tax IDs, passport numbers | Format plus checksum where applicable |
| Financial data | Credit card numbers, routing numbers, account numbers | Luhn check, format validation |
| Health identifiers | MRN, member IDs, NPI numbers | Format-aware patterns |
| Credentials | API keys, tokens, connection strings, passwords | Provider-specific patterns (AWS, GCP, Stripe, GitHub) |
| Legal markers | Attorney-client privilege, confidential, NDA-tagged content | Keyword plus contextual signals |
| Content safety | Harmful instructions, policy-violating content | Classifier-based detection |
PII redaction workflow
When technically viable, users or downstream systems receive a redacted version where sensitive spans are replaced, reducing friction versus a hard block while ensuring regulated data never reaches unintended destinations. Redaction is logged as a trace attribute so compliance can verify what was caught and how it was handled.
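A minimal sketch of the scan, act, and log flow described above, covering the rule actions under "How it works" and the redaction workflow. This is an added example, not Prism's code or SDK: the rule names, the "lower number wins" priority convention, the `[CATEGORY]` placeholder format, and the trace attribute keys are all assumptions.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# SSN format check: area not 000/666/9xx, group not 00, serial not 0000
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def find_cards(text):
    # The regex only proposes candidates; Luhn filters out look-alike numbers.
    return [m.span() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group()))]

def find_ssns(text):
    return [m.span() for m in SSN_RE.finditer(text)]

# Hypothetical rule set: the lowest priority number is evaluated first.
RULES = [
    {"name": "block-ssn", "priority": 1, "category": "GOVERNMENT_ID",
     "detect": find_ssns, "action": "block"},
    {"name": "redact-cards", "priority": 2, "category": "FINANCIAL_DATA",
     "detect": find_cards, "action": "redact"},
]

def enforce(text, rules=RULES):
    """Return (action, delivered_text, trace_attrs) from the first matching rule."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        spans = rule["detect"](text)
        if not spans:
            continue
        attrs = {"rule": rule["name"], "category": rule["category"],
                 "action": rule["action"], "matches": len(spans)}
        if rule["action"] == "block":
            return "block", None, attrs
        if rule["action"] == "redact":
            for start, end in reversed(spans):  # right-to-left keeps offsets valid
                text = text[:start] + f"[{rule['category']}]" + text[end:]
        return rule["action"], text, attrs
    return "allow", text, {"action": "allow", "matches": 0}
```

The trace attributes record the rule, category, and match count but never the matched value, so the audit record itself does not become a second copy of the sensitive data.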
Regulatory alignment
Built for Compliance Officers, CISOs, Developers
Related capabilities
LLM Observability: Trace Logging Built for Compliance
Structured traces give you the full story of what your AI said, why it said it, how long it took, and what it cost.
LLM Evaluations: Five-Dimension Automated Quality Scoring
Define quality rubrics, score every interaction, and catch regressions before users do, with automated evaluators that run on every trace or on a schedule you control.
Session Review: Conversation-Level AI Audit View
Compliance officers read sessions like chat transcripts: no JSON, no log parsing, no engineering ticket.
Prism X: AI DLP for Employees Using ChatGPT, Claude, Gemini
Prism X enforces data loss prevention policy in the browser, before prompts and uploads reach third-party AI services. Signed policy, real-time enforcement, audit-grade events.
Start tracing in 5 minutes
One SDK. Five minutes. Full audit trails, PII redaction, and guardrail enforcement, from day one.