Prompt security for sensitive data protection

In Privian's usage, prompt security means prompt-level data protection: reducing the personal and sensitive data that ever reaches an LLM provider. It overlaps with LLM security but operates one level closer to the application — at the gateway, where prompts actually leave your network. It is a distinct problem from prompt-injection defense (see scope below).

These are often conflated. They are not the same problem.

1. Step 1

   Inbound

   Your app POSTs a prompt to the Privian gateway with a scoped gateway API key.

2. Step 2

   Detect

   Personal and sensitive entities are detected in the prompt body.

3. Step 3

   Mask

   Detected values are replaced with deterministic placeholders for the request.

4. Step 4

   Route

   Only the masked prompt is forwarded to the configured provider using your BYOK credentials.

5. Step 5

   Rehydrate

   The response is rehydrated inside the gateway before returning to your app.

6. Step 6

   Discard

   The in-request mapping is discarded. No raw prompt or response is persisted.

• Customer support AI

  Summarize tickets and draft replies without forwarding raw customer PII to the provider.

• Internal copilots

  Let employees query external LLMs from internal data without leaking identifiers.

• AI features in SaaS

  Ship product AI features over customer data while shrinking provider exposure.

• Secure prototyping

  Move quickly on prompt design without skipping data-protection review.

• Detection and masking run before any provider call
• Placeholders follow a stable {TYPE}_{N} shape
• Mapping lives in memory for one request, then is dropped
• BYOK credentials decrypted in-process at request time
• Raw prompts and responses are never persisted
• Observability uses structural counters only

• No prompt-injection or jailbreak detection
• No output / response content moderation
• No regulated-compliance claims (HIPAA / SOC 2 / PCI)
• Detection is best-effort over the supported entity set

What is prompt security in Privian's usage?

Prompt security in Privian's usage is prompt-level data protection: detecting and masking personal and sensitive values in prompts before they reach an LLM. It is about what data leaves your network in the prompt body — not about blocking adversarial instructions.

Does Privian stop prompt injection?

No. Privian does not claim to detect or block prompt-injection or jailbreak attempts. Privian focuses on prompt privacy: reducing the sensitive data that ever reaches the provider in the first place.

Does the provider see the original values?

No. Detected entities are replaced with deterministic placeholders before the provider call and restored on the way back.

How is prompt security different from LLM security?

LLM security is the broader category — model abuse, safety, infrastructure. Prompt security focuses on what enters the prompt and what leaves your network as part of the prompt.

Is prompt security the same as PII masking?

PII masking is one mechanism prompt security uses. The Privian beta exposes prompt security via masking and rehydration at the gateway.

• Concepts: Prompt Security
• Concepts: PII Masking
• Glossary: What is prompt security?
• Glossary: What is prompt injection?
• Glossary: What is LLM security?
• Product: PII Masking
• Category: AI Security Layer
• API reference