The model never sees what it shouldn't.
The AI Firewall intercepts every prompt before it reaches any model, strips sensitive data according to your policy, and reconstitutes it in the response. Three configurable modes per filter category. Custom filter definitions. Complete admin logging.
Three modes. Your policy. Per filter category.
Hard Block
Reject the prompt before it fires. The user receives a clear error explaining what was flagged. The data does not leave your network. The admin log records what was attempted, by whom, against which model.
For SSNs. HIPAA-covered identifiers. Classified technical data. Program names.
User Warning
Surface a warning to the user before the prompt fires. The user sees what was flagged, decides whether to proceed, and the decision is logged with the prompt.
For categories where informed consent matters and the decision needs to be on the record.
Silent Reconstitute
Replace sensitive terms with stand-ins. The model receives a coherent prompt and never sees the originals. The Firewall reconstitutes the original terms in the response so the user reads a complete answer.
For M&A document review. Clinical trial analysis. Competitive research. Any work where the model's correctness depends on context the model is not allowed to keep.
| Category | Examples | Default mode |
|---|---|---|
| PII | Names, addresses, dates of birth, SSNs, email, phone | User Warning |
| PHI | Patient identifiers, diagnoses, treatment records, insurance numbers | Hard Block |
| PCI | Credit card numbers, CVVs, bank accounts | Hard Block |
| Software credentials | API keys, OAuth tokens, passwords, private keys | Hard Block |
| Government identifiers | Passport, driver's license, government ID numbers | User Warning |
| Custom (admin-defined) | Client names, compound codes, project codes, M&A targets | Admin's choice |
Defaults are starting points. Every category is reconfigurable per Model Group. Custom categories accept literal terms, regex, and admin-uploaded term lists.
What silent obfuscation looks like in practice.
A paralegal types: "Review the limitation of liability in this agreement between Meridian Health Services and HealthPath Consulting. Flag anything non-standard."
The AI Firewall intercepts. The names are on the firm's custom filter list. The prompt that fires reads: "Review the limitation of liability in this agreement between [Company A] and [Company B]…"
The model — which has never seen the company names — analyzes the clause and returns a response. The Firewall reconstitutes the company names in the response. The paralegal reads a complete, accurate answer.
Your model never knew. Your user never noticed. Your admin saw everything.
The Firewall is not a regex layer in front of an API call. It is a stateful substitution-and-reconstitution system that maintains semantic coherence in both directions: outbound, the model receives a prompt that is grammatically and referentially intact; inbound, the response is rewritten so references to the stand-ins resolve to the original terms across the entire conversation, not just the first turn.
The patent application covers the architecture for performing this substitution while preserving multi-turn coherence across an arbitrary number of models in parallel. That is the part nobody else does, and the part that makes the Firewall safe to use on real work — not just on toy prompts.
Every Firewall decision is on the record.
Per-prompt detail
For every prompt: original text, transmitted text, categories matched, mode applied, user, model, timestamp.
Per-category telemetry
Catch rate by category. Trend lines. Top users by Firewall events. Which Model Groups trigger which categories most often.
Threshold alerts
Configurable alerts on Firewall event spikes — e.g. "more than 5 PHI Hard Blocks in an hour" — routed to email, Slack, or webhook.
See the AI Firewall live.
20-minute demo. Bring a real document. We'll run it.