LLM Gateway
Provider-agnostic routing with BYOK. See /products/llm-gateway.
Product · Implementation
A single in-process hop between your application and AI providers.
This page describes how Privian builds the masking, routing and rehydration pipeline. For the category definition and reference architecture, see the educational pillar.
Overview
The AI Security Layer is Privian's product framing for the masking, routing and rehydration layer that sits between your application and AI providers. For the full category definition, architecture and FAQs, see the AI Security Layer category page.
The layer reduces prompt-level exposure before a managed provider call; it does not replace governance, provider review or model-safety controls.
How it works
Framework
Detect
Scan prompts for supported sensitive entities.
Mask
Replace detected values with placeholders.
Route
Forward protected content with customer-owned credentials.
Rehydrate
Restore mapped values before returning the response.
Step 1
Scan inbound prompts for personal and sensitive entities.
Step 2
Replace detected values with deterministic placeholders.
Step 3
Forward the masked prompt using your BYOK credentials.
Step 4
Restore originals in the response inside the gateway.
Example
Before the security layer
Application request: "Review Jane Doe's account, jane@example.com."At the provider boundary
Provider request: "Review PERSON_1's account, EMAIL_1."Composed of
Provider-agnostic routing with BYOK. See /products/llm-gateway.
Detection and replacement of personal and secret entities.
Privacy-focused controls on what leaves your network as a prompt.
In-gateway restore of original values in responses.
FAQ
Enterprise review
Related
Scope
Enterprise review
Trust assets procurement and security teams routinely request.
Plans & pricing
Explore plans for teams building privacy-sensitive AI workflows. Privian is in beta — pricing and limits may change.