Privian
Get Started

AI Security Layer

The dedicated boundary between your application and an LLM provider where prompts and responses are inspected, masked, and rehydrated.

What it is

An AI Security Layer is a single point in the request path that owns what leaves your trust boundary on the way to an LLM. Instead of every feature in your app implementing its own redaction, the security layer handles it once, deterministically, before any provider call.

Why it matters

  • LLM providers see only what your security layer permits.
  • Detection is centralized and auditable; new entity types ship in one place.
  • Application code stays simple — it talks to one endpoint and never holds provider keys.

How Privian implements it

  1. Requests arrive at POST https://api.privian.io/v1/gateway.
  2. The gateway runs a deterministic detector pass for PII and secrets.
  3. Detected entities are replaced with stable placeholders for the lifetime of the request.
  4. The masked prompt is forwarded to the chosen provider.
  5. The response is rehydrated and returned to the caller.

Raw prompts live only in request memory. They are never logged, persisted, or returned in diagnostic metadata.

Current limitations (beta)

  • Detector coverage is deterministic regex + small validators; ML-based detection is a bounded enhancement, not a primary path.
  • Norwegian fødselsnummer (11-digit national ID) is not yet a first-class entity type and may be detected as a phone number.
  • Native provider token streaming is not exposed; stream: true returns artificial streaming over the rehydrated response.

Related