THE AI DATA BOUNDARY

Sensitive data, protected before AI.

GPT-Shield finds, blocks, or pseudonymizes sensitive data the moment your team sends it to ChatGPT, Claude, Copilot, Gemini — and 30+ more AI tools — then gives security a complete audit trail, without ever storing the secret.

  • One engine.
  • Every surface.
  • Proof, not the secret.
chat.openai.com scanning…
PROMPT

Draft a follow-up to [EMAIL_1] about the overdue invoice. Bill account SSN [SSN_BLOCKED], and authenticate with key [API_KEY_BLOCKED].

▸ safe to send → openai
COVERAGE

One engine. Every major AI tool — from ChatGPT to Copilot.

ChatGPT · Claude · Gemini · Microsoft Copilot · GitHub Copilot · Perplexity · Meta AI · Mistral · DeepSeek · Cohere · Hugging Face · Notion AI · Slack AI · Cursor · Windsurf · Replit · Poe · Ollama · Google AI · + 30 more

01 — THE NEW DATA BOUNDARY

Every prompt is an uncontrolled data export.

Your people paste customer records, source code, and credentials into AI tools every day. Your DLP never sees it, your policies can't enforce it, and you have no record it happened. The tools you already own were never built for the AI boundary.

AI-vendor promises

Self-attested policies with no external verification and no lineage. You're trusting a promise, not a proof.

Legacy DLP

Not AI-native, not real-time, not local, not boundary-aware. It never sees the prompt that matters.

User training

Unenforceable, and it leaves no audit trail. One distracted paste and the secret is already gone.

02 — ONE ENGINE, EVERY SURFACE

One engine. Every surface. Identical every time.

The GPT-Shield Engine runs on your machine and makes the same decision whether the data comes from a browser, a desktop app, an internal API, or a file. Same input, same policy, same result — with no cloud round-trip to detect.

  1. Normalize

    Sees through obfuscation and encoding tricks before anything is checked.

  2. Detect

    Validators, checksums & AI models spot 125+ types of sensitive data.

  3. Classify

    Scores severity and flags high-risk combinations — name + SSN = critical.

  4. Protect

    Block, redact, or pseudonymize — reversibly, without breaking the prompt.

  5. Record

    Logs the crossing as proof — the shape and flow, never the value.
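
The normalize, detect, protect and record stages above as a minimal sketch, added here as an example and not GPT-Shield's own code; it covers only emails and US SSNs and leaves out severity scoring. The entity type `contact.email`, the `value_hmac` field and the use of HMAC-SHA256 as the salted hash are assumptions; the other record fields and the `[EMAIL_1]` / `[SSN_BLOCKED]` placeholders follow the page.

```python
import hashlib, hmac, re, unicodedata

# Zero-width characters sometimes used to split a value so that a regex misses it.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
# Constructed sample: fullwidth digits and a zero-width space hide the SSN.
SAMPLE = "Email sarah.lee@example.com about the invoice, SSN \uff11\uff12\uff13-45-\u200b6789"

def normalize(text):
    # NFKC folds compatibility forms (fullwidth digits) before detection runs.
    return unicodedata.normalize("NFKC", text).translate(ZERO_WIDTH)

def valid_ssn(m):
    # Structural SSN rules: area not 000/666/9xx, group not 00, serial not 0000.
    area, group, serial = m.groups()
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"

def protect(prompt, destination, salt):
    """Return (safe_prompt, token_map, audit_events) for one outbound prompt."""
    tokens, events = {}, []

    def record(entity_type, action, value):
        # Keyed hash only: shows the same value crossed again, never the value.
        digest = hmac.new(salt, value.encode(), hashlib.sha256).hexdigest()
        events.append({"entity_type": entity_type, "destination": destination,
                       "action": action, "value_hmac": digest,
                       "raw_value_stored": False})

    def block_ssn(m):
        if not valid_ssn(m):
            return m.group(0)  # fails validation, leave untouched
        record("national_id.us_ssn", "block", "".join(m.groups()))
        return "[SSN_BLOCKED]"

    def pseudonymize_email(m):
        # Stable token: the same address always maps to the same placeholder.
        token = tokens.setdefault(m.group(0), f"[EMAIL_{len(tokens) + 1}]")
        record("contact.email", "pseudonymize", m.group(0))
        return token

    text = SSN.sub(block_ssn, normalize(prompt))
    text = EMAIL.sub(pseudonymize_email, text)
    return text, {tok: val for val, tok in tokens.items()}, events

def restore(text, token_map):
    # Reverse pseudonymization for a trusted destination; blocked values stay gone.
    for token, value in token_map.items():
        text = text.replace(token, value)
    return text
```

The token map is the only place the original email survives, so it has to stay local and be protected like any other secret.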

Browser: ChatGPT · Claude · Gemini
Desktop: native AI apps · tray
Gateway & API: internal AI traffic
File uploads: attachments & RAG
GPT-SHIELD ENGINE: runs locally

03 — FIVE SHIELDS, ONE ENGINE

Total coverage of the AI boundary.

Five shields, one local engine. Together they cover the prompt going out, the file attached, the response coming back, and the trail it all leaves behind.

DATA-SHIELD

Find & protect sensitive data before it's sent

Email Sarah Lee about the invoice — SSN 123-45-6789

Stops a support rep pasting a customer record into ChatGPT.

FILE-SHIELD

The same protection over every file upload

contract.pdf → key sk-ant-api03-aF7b…9kP2 removed

Stops a PII-laden contract going into a RAG upload.

INPUT-SHIELD

A risk read on every prompt

Flags prompt-injection, jailbreaks, and policy-bypass attempts before they leave.

policy-bypass attempt

RESPONSE-SHIELD

Catch leaks in the AI's reply

Detects reflected secrets and net-new sensitive data the model puts in its response.

reflected secret caught

TRACE-SHIELD

See every crossing — without the secret

"entity_type": "national_id.us_ssn",
"destination": "openai",
"action": "block",
"raw_value_stored": false

Gives the CISO a full audit trail of what crossed, when, and where.

04 — TRUST THROUGH RESTRAINT

We protect your data by never holding it.

Core detection runs entirely on your machine — no cloud dependency. We never store raw sensitive values: only salted hashes and token references. Anything we do persist is encrypted with AES-GCM.

Runs locally first

Detection needs no network. Your prompts never leave your machine to be scanned.

Never stores raw values

Salted hashes and token references only — the secret itself is never written down.

Encrypted at rest

Anything persisted is AES-GCM encrypted, backed by the OS keychain.

Privacy by design

Deterministic, auditable, and identical on every surface. Proof, not the secret.

05 — ROLLS OUT THE WAY YOU WORK

Deploy in an afternoon. Scale to the whole org.

Start with one team and a browser extension; expand to every surface under central policy. No rip-and-replace, no agents on critical paths you don't control.

MDM / browser policy

Browser extension

Push to Chrome & Edge across the org. Covers ChatGPT, Claude, and Gemini.

.msi · .pkg · signed

Desktop agent

Signed installers for Windows & Mac. Runs quietly in the tray for native AI apps.

self-hosted

Gateway & API

Drop it in front of internal AI traffic and API gateways. OpenAI/Anthropic-compatible.

central policy

Per-team → org-wide

One policy engine, every surface. Expand coverage without re-training anyone.

06 — HOW WE COMPARE

Not legacy DLP. Not a vendor's promise.

DLP was never built for the AI boundary, and an AI vendor protecting your data from itself isn't protection. GPT-Shield is the only layer you control.

Capability · GPT-Shield · Legacy DLP · AI-vendor controls
Sees the actual AI prompt
Protects before it reaches the model
Runs locally — your data stays put
Pseudonymizes (reversible), not just blocks
Audit trail of every AI crossing
Never stores the raw value
Browser, desktop, API & files
Works across every AI tool

07 — WHO IT'S FOR

Built for the people on the hook.

One platform, three jobs done — control for the CISO, rollout for security engineering, evidence for compliance.

FOR THE CISO

Prove control, not just policy.

A complete, payload-free audit trail of every AI crossing — evidence for the board and auditors, not a vendor's promise.

FOR SECURITY ENGINEERING

Deploy once, govern everywhere.

One policy engine across browser, desktop, and gateway — boundary-aware rules, tunable false positives, no agents on paths you don't control.

FOR COMPLIANCE

Evidence on demand.

Local-first processing and proof a sensitive value never left the building — ready for regulators, DPAs, and data-residency requirements.

125+ types of sensitive data detected
Sub-millisecond typical detection per prompt
0 raw sensitive values ever stored
5 shields, one local engine

08 — QUESTIONS, ANSWERED

The questions security teams ask first.

Do you see our prompts?

No. Core detection runs locally on each machine — prompts are scanned in place and never sent to us to be checked. Optional cloud features only ever receive de-identified signal — classifications and counts — never raw values.

Will it slow down our AI tools?

Detection on a typical prompt is sub-millisecond and happens on-device, so there's no cloud round-trip in the critical path. Users won't feel it.

What about false positives?

Policies are boundary-aware and tunable — a value allowed for an internal model can be pseudonymized for a public one. Reversible pseudonymization means even a cautious redaction never destroys the original.

Is pseudonymization reversible?

Yes. Pseudonymized values map to stable tokens and can be restored for trusted destinations. Blocked values (like credentials) are removed and stay removed.

Can we self-host?

Yes. The gateway is self-hostable and OpenAI/Anthropic-compatible, and the engine runs entirely on your infrastructure. There is no required cloud dependency for protection.

Which AI tools are covered?

ChatGPT, Claude, and Gemini in the browser today, native desktop AI apps via the agent, plus any internal AI or API traffic through the gateway, and file uploads.

We built GPT-Shield because the fastest-moving risk in every company is also the hardest to see: a teammate pasting something sensitive into an AI tool to get their job done. You can't train your way out of it, and you shouldn't have to choose between moving fast with AI and protecting your data.

So we built the layer in between — one that runs on your machine, blocks or pseudonymizes what matters, and proves what crossed the line without ever keeping the secret. That principle isn't a feature; it's the whole point.

Noah Mechnig-Giordano, Founder, GPT-Shield

Put GPT-Shield between your people and every AI they touch.

See it on your own data in a 20-minute demo — or grab an early-access invite.

No raw data leaves your machine. Ever.