The PromptShielder Journal

Honest writing on prompt privacy, LLM governance and the seam between employees and AI.

No thought-leadership fluff. Real controls, real audit questions, real regulator language — from the team building PromptShielder.

Technical

Tokenization vs. Masking vs. Encryption for LLM Prompts

Three techniques, three different threat models, three different failure modes. The one you want for LLM prompts is not the one your database uses.

Oct 21, 20257 min
Vertical Dev

Dev Teams, Copilot, and the Quiet Secret Leakage Problem

Copilot and ChatGPT are the two largest new secret-leak vectors in engineering orgs. Here is the pragmatic mitigation stack that does not slow developers down.

Oct 7, 20257 min
Comparison

ChatGPT vs. Claude vs. Gemini vs. Perplexity: A Data-Retention Breakdown

A blunt side-by-side of what each major consumer LLM does with your prompts as of 2025 — retention, training, human review and enterprise carve-outs.

Sep 23, 20258 min
Governance

Building an AI Acceptable Use Policy Your Employees Will Actually Read

A one-page AI AUP template that ships in three sections — approved tools, disallowed content, incident path — and a discussion of what to leave out.

Sep 9, 20256 min
Vertical Finance

Finance Teams and Safe LLM Usage: MNPI, Deals, and Board Decks

Finance teams have the most concentrated sensitive-data workload in the company. Here is the redaction playbook that keeps LLM productivity without triggering an MNPI event.

Aug 26, 20257 min
Technical

Red-Team Your Prompt Workflow: 7 Attacks Worth Simulating

A small, running list of adversary techniques that specifically target the seam between your employees and the LLM. Use it as a red-team runbook.

Aug 12, 20257 min
Compliance

SOC 2 Evidence for AI Usage: Auditor-Ready in 30 Minutes

Four artefacts your auditor will ask for the first time AI usage comes up in a SOC 2 review — and how to generate them without a six-month project.

Jul 29, 20256 min
Vertical Healthcare

Healthcare AI Note-Taking Without a HIPAA Nightmare

Ambient scribes and LLM assistants are quietly becoming standard in clinical workflows. Here is the redaction pattern that keeps the compliance surface manageable.

Jul 15, 20257 min
Compliance

PCI DSS 4.0 and AI Assistants: The New Cardholder-Data Reality

PCI DSS 4.0 tightens scope and evidence requirements. Pasting a PAN into ChatGPT is a scope-expansion event most merchants have not accounted for.

Jul 1, 20256 min
Technical

Why Regex Alone Can't Catch Modern PII (and What Fills the Gap)

A candid technical look at what regex-based detection misses in 2025, why NER on-device is not a panacea, and the hybrid approach PromptShielder uses.

Jun 17, 20258 min
Vertical Consulting

The Consultant's Guide to Safe Client Prompts

Consultants live in NDAs. Here's how to keep the productivity gain of an LLM without ending up on the wrong side of a confidentiality clause.

Jun 3, 20256 min
Vertical Legal

The Legal Team's ChatGPT Playbook: Redact, Draft, Verify

A three-step workflow legal teams can actually adopt without violating client privilege, court rules or professional conduct obligations.

May 20, 20257 min
Privacy

Client-Side Redaction, Explained (and Why It Beats a Proxy)

A slow walk through the three architectures for prompt PII redaction — server proxy, browser extension, in-page tool — and why the in-page tool is the one that survives contact with real users.

May 6, 20258 min
Compliance

The EU AI Act: What Changes for Everyday LLM Users

The Act is aimed at model providers and deployers, but a lot of its obligations land on the team that pastes personal data into ChatGPT. Here is the short version.

Apr 22, 20256 min
Compliance

HIPAA and LLMs: Can You Legally Paste PHI Into ChatGPT?

The short answer is no. The long answer explains what changes with a BAA, what a covered entity can actually do, and what a redaction control buys you in the audit.

Apr 8, 20257 min
Privacy

Prompt Injection vs. PII Leak: Different Threats, Different Fixes

The two are constantly conflated in security roadmaps. They are not the same problem, they don't share a mitigation, and the controls for one are useless against the other.

Mar 25, 20256 min
Governance

Shadow AI: What Every CISO Missed in 2024

Unmanaged LLM usage is now the biggest unmapped data-exfiltration channel inside enterprises. Here is what the 2024 monitoring numbers show and what the pragmatic response looks like.

Mar 11, 20256 min
Compliance

GDPR & ChatGPT: A Practical Checklist for EU Teams

A workable checklist for teams inside the EU using ChatGPT, Claude and Gemini day-to-day — DPIA triggers, DPA gaps, cross-border transfers and the redaction control that closes them.

Feb 25, 20257 min
Privacy

The 2025 State of PII Leaks in ChatGPT Prompts

How everyday LLM prompts became one of the largest unmonitored data-exfiltration channels — and what actually works to close it.

Feb 11, 20258 min

Stop leaking client data to public AI.

Redact prompts in your browser. Nothing leaves the tab.