Article · Internal Copilots
Secure AI features for SaaS products
Shipping AI features in a multi-tenant SaaS product without exposing one customer's data to another — or to the LLM provider.
8 min read · Updated May 20, 2026
Shipping AI in multi-tenant SaaS is harder than it looks
AI features in a SaaS product have to satisfy three audiences at once: your end users (the feature should be useful), your customers (their data should stay theirs), and your security reviewers (the data flow needs to be defensible). Most "we added AI" launches optimize for the first and discover the other two later.
A defensible shape
- Tenant isolation in your application. Each request only ever reads data the calling tenant owns.
- Masking at the gateway. Whatever data you do send gets substituted before it leaves your perimeter.
- No body retention. Observability captures metadata, not prompts or responses.
- BYOK option. Customers who want to control the underlying provider relationship can provide their own key, encrypted at rest.
- Honest claims. Tell prospects what the gateway does, what it does not do, and where your own controls take over.
What to say in a security review
- Customer data in AI prompts is masked into deterministic placeholders before being forwarded to the model provider.
- The mapping between raw values and placeholders is held in memory for the duration of a single request and discarded after the response is rehydrated.
- Prompt and response bodies are not persisted by the gateway. Request metadata (model, latency, masked-entity counts) is recorded for operational purposes.
- Provider credentials, when supplied via BYOK, are encrypted at rest with AES-GCM.
- Gateway API keys are stored as SHA-256 hashes.
What not to claim
Privian's beta does not claim HIPAA, SOC 2, or PCI compliance, and your product should not piggyback on certifications Privian does not hold. It also does not currently defend against prompt injection or jailbreak attempts. Be precise about scope.
How Privian fits
Privian provides the masking, routing, and credential layer for the AI features in your SaaS. Your application stays in charge of tenancy and product logic. See AI Features for SaaS for the worked example.
Try Privian during beta
Protect prompts before they reach GPT, Claude and other models.
BYOK · Zero retention · Provider-agnostic. Privian is currently in beta — pricing and limits may change.
FAQ
Frequently asked questions
- How do I keep tenant A's data out of tenant B's prompts?
- Tenancy is your application's job — only fetch the data the requesting tenant owns. The gateway protects against a different risk: that whatever you do fetch gets exposed to the model provider.
- What do I tell prospects about how their data is handled?
- If you use Privian: customer data is masked before it reaches a third-party model, the gateway does not persist prompt or response bodies, and provider credentials are encrypted at rest. Avoid claiming HIPAA, SOC 2, or PCI compliance unless you have your own attestation.
- Can I let customers bring their own provider key?
- BYOK at the customer level is application-specific — your product would need to surface it. Privian supports BYOK at the account level today and stores credentials encrypted with AES-GCM.
More articles
Continue reading
Internal Copilots
How to build secure internal copilots
A reference architecture for internal copilots that lets employees query LLMs without exposing customer or employee data to the provider.
Prompt Security
What is prompt security?
A practical definition of prompt security, how it differs from prompt injection defense, and the controls that actually reduce risk before a prompt reaches the model.
Prompt Security
How to secure prompts before they reach GPT
Concrete patterns for sanitizing, masking and routing prompts before they hit a provider — without rewriting your app.