PII detection

Detect sensitive data before it spreads.

PII detection answers the next question after intent: What sensitive data is present? It helps teams see when AI interactions involve personal information, secrets, or restricted material.

What sensitive data is present?

3LS gives operators a readable view of when prompts, tool inputs, and outputs include customer data, credentials, or other content that needs extra care.

Personal data

Highlight customer and employee information

Surface names, identifiers, and other personal information when people paste, upload, or transform sensitive material with AI.

Outcome: Reduced accidental exposure

Secrets and credentials

Catch the details that should not move further

Spot tokens, credentials, and similar material inside prompts, tool inputs, and outputs before they spread into the wrong place.

Outcome: Fewer high-impact mistakes

Restricted content

Recognize when business-sensitive material is involved

Bring attention to restricted records and internal material so teams can decide whether to continue, warn, or stop the interaction.

Outcome: Clearer data protection decisions

Operator view

Turn AI interactions into clear decisions

Give security teams a readable trail of what was detected, what it meant, and what action was taken.

Recent findings

Intent, sensitivity, and control outcomes

3 decisions captured

Activity

Intent

Sensitivity

Action

Customer records pasted into an assistant

Data handling

PII detected

Warn

Prompt requests external tool access

Tool use

No sensitive data

Allow

Prompt includes an API token and a request to share it

Data sharing

Secret detected

Block

From the blog

PII Exposure and Detection

Coverage on sensitive-data exposure in AI workflows, where copied records leak, and why runtime detection matters before the prompt leaves the browser.

Documents and eyeglasses on a desk, used for the AI PII exposure article

Data Privacy10 min read

The $4.88M Question on AI PII Exposure

A single paste can become a breach. From Samsung's ChatGPT incident to training data extraction, 26% of organizations are feeding sensitive data to public AI.

Read article →

Hands sorting office paperwork beside a laptop, used for the CISA ChatGPT documents article

Incident Report8 min read

If CISA Can Put FOUO in ChatGPT, Your Exception Process Is the Breach

The story is not a rogue user. It is the exception path. Reports say FOUO contracting files were pasted into public ChatGPT under a temporary exemption, triggering alerts and a DHS review.

Read article →

Person using an email client on a laptop, used for the Claude email exfiltration article

Vulnerabilities10 min read

Claude.ai Email Exfiltration Shows How Assistants Can Leak Inboxes

One copy-paste can clone a repo, read private email, and send it out. This is a real vulnerability, not a demo.

Read article →