Intermediate

Prevention Controls for AI DLP

Once sensitive data is detected, prevention controls must block, mask, or remediate the exposure. AI systems require prevention controls at every stage of the data lifecycle.

Input Prevention

  • Input scanning and blocking: Scan user prompts for sensitive data before sending to AI models; block or warn the user
  • Data masking: Automatically replace detected PII with tokens before AI processing, then re-substitute in outputs
  • Content policies: Enforce rules about what types of data can be sent to which AI services
  • Clipboard monitoring: Detect when users paste large amounts of structured data into AI interfaces

Training Pipeline Prevention

  • Data scrubbing: Remove or mask sensitive data before it enters training pipelines
  • Differential privacy: Add calibrated noise during training to prevent memorization of individual records
  • Federated learning: Train models without centralizing sensitive data
  • Synthetic data: Generate synthetic training data that preserves statistical properties without real PII

Output Prevention

  • Output filtering: Scan AI responses for sensitive data before delivering to users
  • Redaction: Automatically redact detected PII from model outputs
  • Guardrails: Implement system-level instructions that prevent models from outputting certain data types
  • Citation control: In RAG systems, ensure retrieved content respects access controls before inclusion in responses

Enforcement Actions

| Action   | When to Use                                                | User Experience                                |
|----------|------------------------------------------------------------|------------------------------------------------|
| Block    | High-confidence detection of restricted data               | Request rejected with explanation              |
| Mask     | PII detected but processing can continue with masked data  | Transparent to user; PII replaced with tokens  |
| Warn     | Potential sensitive data; user should confirm              | Warning prompt; user can proceed or cancel     |
| Log      | Low-confidence detection; for audit purposes               | No interruption; logged for review             |
| Redirect | Data requires a different AI service (e.g., on-premise)    | Request routed to compliant endpoint           |

User experience matters: Overly aggressive blocking frustrates users and drives them to use unauthorized AI tools. Balance security with usability by masking data transparently when possible, and only blocking when truly necessary.
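
The following is an added example, not part of the original page: a minimal prompt gateway that applies the data-masking control from Input Prevention (tokenize on input, re-substitute on output) together with the Block, Mask and Warn actions from the table. The detector patterns, the `MaskingSession` class, the token format and the severity precedence are assumptions made for illustration.

```python
import re

# Constructed policy: (label, pattern, action). Patterns are illustrative only.
POLICY = [
    ("API_KEY", re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"), "block"),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "mask"),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "mask"),
    ("LONG_NUMBER", re.compile(r"\b\d{9,16}\b"), "warn"),
]
SEVERITY = {"allow": 0, "mask": 1, "warn": 2, "block": 3}  # assumed precedence
TOKEN_RE = re.compile(r"\[[A-Z_]+_\d+\]")


class MaskingSession:
    """Per-request token vault: masks PII on the way in, restores it on the way out."""

    def __init__(self):
        self.vault = {}    # token -> original value
        self.tokens = {}   # original value -> token, so repeats map to one token

    def _tokenize(self, label, value):
        if value not in self.tokens:
            token = f"[{label}_{len(self.vault) + 1}]"
            self.vault[token] = value
            self.tokens[value] = token
        return self.tokens[value]

    def process_prompt(self, prompt):
        """Return (action, text); text is None when the request is blocked."""
        hits = [(label, pat, act) for label, pat, act in POLICY if pat.search(prompt)]
        action = max((act for _, _, act in hits), key=SEVERITY.get, default="allow")
        if action == "block":
            return action, None  # nothing leaves the gateway
        for label, pat, act in hits:
            if act == "mask":
                prompt = pat.sub(lambda m, l=label: self._tokenize(l, m.group()), prompt)
        return action, prompt

    def restore(self, model_output):
        """Re-substitute only tokens issued in this session; unknown ones stay as-is."""
        return TOKEN_RE.sub(lambda m: self.vault.get(m.group(), m.group()), model_output)
```

Because `restore` only maps tokens present in the session vault, a token-shaped string the model invents is passed through unchanged rather than resolved to someone else's data.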