AI/ML, Decentralized identity and verifiable credentials

DeepKeep Adds PII Guardrail as Enterprises Shift AI Security Into Production

The PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.

As AI moves from controlled pilots into real business processes, the question of responsibility becomes harder to ignore. AI systems now touch sensitive data, customer interactions, internal applications, and even other AI agents. That change pushes AI risk out of the lab and into day-to-day operations, where existing security controls often fall short.

DeepKeep’s new Personally Identifiable Information (PII) guardrail is designed to address this. The capability adds contextual detection, redaction, and blocking of personal data directly inside AI prompts and responses, helping enterprises manage privacy risk as AI becomes part of core workflows. It is delivered as part of DeepKeep’s broader AI Firewall, which brings multiple AI-specific security controls together under one platform.

AI in production changes who owns the risk

As AI systems begin operating in live environments, ownership of risk starts to shift.

Rony Ohayon, CEO and Cofounder of DeepKeep, told ChannelE2E that responsibility is no longer confined to model builders or data teams.

“As AI moves into production, responsibility becomes increasingly shared between security, data and compliance teams. The risk aspect falls heavily on the security team, because it shifts from affecting model performance to real operational exposure,” Ohayon said. “Once AI interacts with users, sensitive data, enterprise applications, and other AI agents, security teams should become the owners of the ongoing risk management.”

This transition is also changing organizational structures. DeepKeep is seeing the emergence of dedicated AI security teams, driven by the growing complexity of AI ecosystems and the need for continuous oversight beyond initial deployment.

Filling the gap left by traditional DLP

Most enterprises already run mature data loss prevention tools, but those controls were built for structured data flows like email, file storage, and SaaS applications. They struggle to interpret free-form prompts, AI-generated responses, or multimodal interactions.

Ohayon explained where DeepKeep fits into that picture. “Traditional DLPs remain valuable because they protect data at rest and in transit using deterministic rules. However, they were never designed to understand advanced LLM conversations, multimodal prompts, or semantic context,” he said.

DeepKeep positions itself as an AI security control plane that sits between users, agents, applications, and AI models, inspecting interactions in real time. “DeepKeep fills this gap by sitting between users, agents, apps, and any GenAI model as an AI security control plane that evaluates prompts and responses at run time,” Ohayon said. “By governing the interaction layer, where sensitive data and AI reasoning intersect, DeepKeep ensures safe and compliant AI usage across enterprise workflows.”

Rather than simply alerting after the fact, the platform is designed to enforce runtime actions that reduce risk as AI systems operate.

Signals that push enterprises toward AI-specific controls

Adoption of AI security tooling is not driven by a single factor. DeepKeep is seeing a mix of regulatory pressure, internal assessments, and real-world incidents shaping demand.

“We see several triggers driving AI security adoption, varying from regulation to organizations experiencing real incidents or reading about them,” Ohayon said. “One of the signals is when an organization starts moving from the experimental phase of using AI into implementing it into its organizational processes.”

Another common trigger is visibility into unmanaged usage. “Discovery of shadow AI within the organization is another moment when companies realize security measures are needed,” he said.

As AI use cases grow, so does the attack surface. According to Ohayon, early customers are looking for breadth and flexibility, not point solutions.

“Some of the patterns we’re seeing include the need for a broad solution, the ability to enforce a cross-model unified policy, and flexible deployment options such as private clouds and on-prem environments.”

The PII guardrail reflects a broader shift in how companies think about AI security. Instead of adding protections after problems appear, privacy controls are built directly into everyday AI workflows. This allows security, IT, data, and governance teams to work from a shared layer of control rather than separate tools and processes. As AI use continues to expand, security tools need to understand context, apply policies consistently across models, and run continuously in the background. Capabilities like these make it easier for organizations to scale AI use while staying compliant and reducing risk over time.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds