AI Safety & Governance

A secret in a log line stays in your network,
because the egress scanner sees it first

Prompt Egress Scanner is the outbound boundary between your agents and the LLM provider. Every prompt is scanned for secrets (API keys, tokens, passwords), PII (emails, SSNs, credit cards), and cross-tenant identifiers before it leaves your network. Detected items are redacted in place. Pairs with Prompt Injection Defense to make the prompt boundary watertight in both directions.

Get Started Talk to Sales
app.novaaiops.com / prompt-egress
● LIVE
50+
Detection signatures
< 5ms
Per-prompt scan
Redact
or block, configurable
0
Cross-tenant leakage
What Gets Scanned

Three categories, fifty signatures

The scanner runs three signature categories on every prompt body. Secrets: API keys, OAuth tokens, JWTs, private keys, database passwords. PII: emails, phone numbers, SSNs, credit cards, mailing addresses. Cross-tenant identifiers: tenant ids, user ids, org ids that do not belong to the calling tenant. Each category has a configurable threshold and outcome (redact in place vs block the call entirely).

  • Secrets: 20 signatures: AWS keys, GCP keys, Azure keys, GitHub tokens, Slack tokens, Stripe keys, OAuth, JWT, RSA private
  • PII: 15 signatures: email, phone, SSN, credit card, IBAN, IP-as-PII, addresses, names tagged in the schema
  • Cross-tenant: tenant id, org id, user id, customer id formats, checked against the calling tenant's allowlist
app.novaaiops.com / prompt-egress · categories
Redact in Place

The agent gets to keep working with a clean prompt

For most matches, the scanner redacts the matched substring with a typed placeholder ([API_KEY], [EMAIL], [TENANT_ID]) and lets the prompt continue. The agent receives a slightly-less-specific prompt but can still reason. For high-severity matches (raw private keys, credit cards), the scanner blocks the entire call and records the attempt in Agent Ledger.

  • Typed placeholders: agents see [EMAIL] not "j.doe@acme.com", keeps reasoning grounded without leaking the value
  • Per-category outcome: redact for low risk, block for high risk, configurable threshold per signature
  • Provenance preserved: redacted spans store a hash of the original so audit can confirm the prompt was real
app.novaaiops.com / prompt-egress · redact
Cross-Tenant Strictness

A tenant cannot leak another tenant's ids

Cross-tenant scanning is the strictest layer. Every tenant has an allowlist of identifiers that may appear in their prompts. Anything else gets redacted. This catches the rare case where a log line from one tenant ends up in another tenant's correlation graph (which the data plane prevents, but defense in depth wins).

  • Per-tenant allowlist: tenant ids, user ids, customer ids, tenant's own allowlist updated nightly from their schema
  • Defense in depth: data plane already prevents cross-tenant reads; this is the second layer at the prompt boundary
  • Auto-tested by Safety Auditor: weekly synthetic probes confirm cross-tenant leakage stays at zero
app.novaaiops.com / prompt-egress · cross-tenant
Reporting & SIEM

Same plumbing as Prompt Injection Defense

Egress events ship to your SIEM via the same channel as inbound Prompt Injection Defense. One config, one dashboard. Weekly report covers volume, redacts per category, blocks per category, top sources, and false-positive rate. The report is the data your security team will ask for first.

  • Shared SIEM channel: syslog/CEF or webhook/JSON, Splunk, Elastic, Datadog all work out of the box
  • Weekly digest: volume, redact/block counts, FP rate, top sources, 30-day trend, emailed Monday
  • Tunable per signature: if a signature is causing too many FPs, lower its weight; the change ships in the next nightly refresh
app.novaaiops.com / prompt-egress · siem
Video walkthrough coming soon

Subscribe to Nova AI Ops on YouTube for demos, tutorials, and feature deep-dives.

The boundary your security team will ask about

No prompt leaves your network until it is clean. Audit-ready, SIEM-integrated, weekly reported.

Get Started Request a Demo