Background
We spent years working in security for fintech companies—implementing DLP, handling compliance, and dealing with the day-to-day reality of protecting sensitive data.
When AI tools like ChatGPT became mainstream, we watched employees start pasting customer data, code with API keys, and confidential documents into these services. The same patterns we'd seen with email and cloud storage were repeating, but faster and at scale.
We talked to CISOs and security teams at other companies. They were seeing the same thing. Block AI entirely? Not realistic—people need these tools. Traditional DLP? Too slow and not built for this use case. Training? Helps, but doesn't catch mistakes in the moment.
The Approach
We built PromptDuty based on what we'd learned:
- Intercept in real time. Catching a leak after it happens doesn't help. We scan prompts before they're sent.
- Don't store the data. We analyse prompts in the browser. Your sensitive data never hits our servers.
- Warn first, block when necessary. Most leaks aren't malicious—they're mistakes. A warning in the moment is often enough.
- Easy deployment. If it's hard to roll out, it won't get used. We built for Intune so you can deploy in minutes.
Where We're At
PromptDuty is live and protecting companies across financial services, legal, healthcare, and tech. We're continuing to add support for more AI platforms and improve our detection.