Protect sensitive data
AI policy enforcement is deciding what an AI tool or agent may send and do the moment it acts, not reviewing it after the fact. Verillian governs requests on the device and acts at the boundary, before content reaches the provider. Real-time control, with a record of what data crossed. The same policy governs a person's chat tool and an autonomous agent, so securing AI agents needs no second system.
Where the control sits
Every request takes the same path. The decision happens on the device, before anything crosses the boundary.
data flow: device to boundary to record
What happens to every request?
Once a tool or agent is under policy, every request it makes resolves to one of three decisions: ALLOW, REDACT, or BLOCK. Each decision is signed into the chain as it is made, so enforcement and evidence arrive together.
Cleared by your policy and forwarded to the provider. Signed into the chain.
Sensitive data detected in the request is masked or removed before the prompt is forwarded.
Denied by your policy. Never forwarded, and the attempt is sealed in the chain.
Around the decision sit the controls that make it yours: tool-call analytics to build policy from real usage, and an org-wide stop that halts all AI traffic across the fleet at once.
How is sensitive data redacted before it leaves?
Sensitive values in an outbound request, whether a person or an agent sent it, are masked on the device the moment it acts, before the request reaches the provider. Detection is configured per institution and is best-effort.
Summarize this patient’s history. SSN 123-45-6789, record MRN-4471902, seen for follow-up Tuesday.
Summarize this patient’s history. SSN •••-••-••••, record MRN-•••••••, seen for follow-up Tuesday.
redaction, representative view
What AI policy enforcement looks like
AI policy enforcement happens the moment a tool or agent acts: sensitive content is redacted or the request is blocked before it leaves the device.
- Before the boundary
- Configurable detection for social security numbers, payment card numbers, medical record numbers, and other types, applied in the request before it reaches the provider. Detection is best-effort, not a guarantee that every value is caught.
- Redact or block
- AI agent and tool permissions are set per institution: which entity types, redact or block, and what sensitivity thresholds apply.
- Any HTTPS tool or agent
- If a tool or agent speaks HTTPS to a provider, Verillian governs what it can do. No plugins, no API wrappers, no change to the tool.
- Provider receives only what policy allows
- Nothing more passes through than your rules permit.
The agent acts. Verillian decides.
Policy enforced on the device the moment a tool or agent acts, before anything crosses the boundary. Your rules, your record, your call. We work with our first institutions on their own endpoints, against their own policies. Thirty minutes shows more than a slide deck ever will.