AI agents process sensitive data at machine speed. DAT's egress DLP scanner intercepts PII at four critical points in the agent pipeline, ensuring social security numbers, credit cards, and API keys never leak into LLM context, tool outputs, or long-term memory.
Purpose-built regex scanner with algorithmic validation where pattern matching alone is not enough.
Most DLP tools rely on regular expressions that produce false positives on every 16-digit number. DAT's scanner combines high-precision regex patterns with algorithmic validation. Credit card numbers are verified with the Luhn checksum. API keys are matched against real provider formats. The result is a scanner that catches real PII without flagging your order confirmation numbers.
PII Scanner in Action
==============================
Input (tool output):
"Customer John Smith, SSN
123-45-6789, paid with card
4532015112830366. Contact
at [email protected] or call
(555) 867-5309. Server at
10.0.1.42, key sk-proj-abc123"
After DLP scan (redact mode):
"Customer John Smith, SSN
[SSN_REDACTED], paid with card
[CREDIT_CARD_REDACTED]. Contact
at [EMAIL_REDACTED] or call
[PHONE_REDACTED]. Server at
[IP_ADDRESS_REDACTED], key
[API_KEY_REDACTED]"
Credit Card Validation:
4532015112830366
Luhn checksum: VALID
-> Redacted
1234567890123456
Luhn checksum: INVALID
-> Not flagged (not a real CC)
Scan time: ~0.5ms per 20KBChoose whether to sanitize sensitive data or prevent it from flowing entirely.
Not every PII exposure carries the same risk. A customer email address in a support ticket is different from a credit card number in an LLM prompt. DAT gives you two enforcement modes so you can match the response to the threat level.
Both modes generate SIEM events. Redactions produce severity-4 alerts; blocks produce severity-7. Your SOC team sees exactly what was caught and where.
DLP Policy Configuration
==============================
Redact Mode:
Input: "SSN is 123-45-6789"
Output: "SSN is [SSN_REDACTED]"
Agent: Continues with clean data
SIEM: pii_redacted (severity 4)
Block Mode:
Input: "SSN is 123-45-6789"
Output: ERROR - PII detected
Agent: Must retry without PII
SIEM: pii_blocked (severity 7)
Per-Org Policy:
{
"enabled": true,
"mode": "redact",
"categories": [
"ssn",
"credit_card",
"api_key",
"ip_address",
"passport"
],
"allowlist": [
"10.0.0.0/8",
"[email protected]"
]
}
Allowlisted patterns pass through
without triggering the scanner.PII is intercepted at every stage of the agent pipeline, not just at the output.
A single scan point is a single point of failure. DAT scans data at four separate stages in the agent execution pipeline. Even if PII enters the system through a user's task description, it is caught before reaching the LLM. Even if a tool returns sensitive data, it is caught before being stored in memory.
DLP Scan Points in Agent Pipeline
==============================
1. INBOUND (Task Goal)
User: "Find info on SSN 123-45-6789"
LLM sees: "Find info on [SSN_REDACTED]"
Why: Prevents LLM safety refusal
+ never enters context window
2. TOOL OUTPUT (Observation)
web_search returns page with CC#
Agent sees: [CREDIT_CARD_REDACTED]
Why: Scraped data often contains
PII from public sources
3. CONVERSATION MEMORY (Redis)
Task result stored for follow-ups
Stored as: sanitized summary
Why: "Send that to my wife" can't
resurface redacted data
4. RAG MEMORY (pgvector)
Long-term memory auto-indexed
Embedded as: clean text
Why: Semantic search can't find
PII that was never stored
Each scan: ~0.5ms per 20KB
Total pipeline overhead: <2msEnterprise-grade PII protection for every agent in your fleet. Configurable per-org, enforced automatically.