AIDR
AI DETECTION & RESPONSE
AI is already inside your company.
Nobody is watching it.
Every prompt. Every response. Every AI interaction under control. Employees, applications, and autonomous agents operate within a single security layer.
Native sensitive data detection, built-in content moderation, and GDPR compliance.
Language is now an attack vector
The prompt, the model's response, and the agent's actions are now a real attack surface that traditional tools cannot see.
of data breaches involve unauthorized AI use (Shadow AI)
IBM, 2025
of organizations that suffered a breach of an AI model or application had no access controls for those systems
IBM, 2025
the one-year rise in the share of threat actors using AI in higher-risk attacks
Anthropic, 2026
Shadow AI
Employees paste internal documents into public models, and you have no idea who, when, or what went in.
Prompt injection
A crafted instruction, sent directly or hidden inside content, forces an AI application to act outside its own rules.
Agent hijacking
An autonomous agent performs a privileged action on someone else's command, a password reset or an email change, without checking who is really asking.
Semantic drift
The assistant quietly steps outside its role: an invoicing bot starts advising on unrelated matters or reaching for data beyond its context.
The attacker never writes to the model directly. The instruction is hidden inside content the assistant will process anyway: an email, a document, a ticket description, a web page, or a notification. The model reads that content into the same context as the user's commands and runs it as an instruction, even though no one consciously issued it. That is how an agent can send data out or take an action the owner never authorized.
External content and the user's command reach the model as one stream of tokens. The model does not know what is data and what is a command. That boundary has to be enforced outside the model, in real time.
How Vigil Guard Works
All decisions are made in real time without impacting application performance.
Input
A prompt, a model response, or an agent action reaches Vigil Guard.
Detection
Parallel branches analyze it in a single call, in a few hundred milliseconds.
Decision
The arbiter returns one verdict: ALLOW, SANITIZE, or BLOCK.
What we detect
Prompt injection (direct and indirect) · Language detection · Semantic drift · Content moderation · Sensitive data (PII) · Length Guard (token limit)

Compatible With
Complete AI Security Platform
Monitor, control, and secure every AI interaction across your organization, from employee tools to autonomous agents.
Proven Performance
Indirect / RAG attack detection
False positives on benign prompts
Jailbreak detection
Vigil Guard 1.8.x measured against nine public, external benchmarks, listed below. Headline figures: indirect and RAG recall on the peer-reviewed indirect-pia set (ACL 2025), false positives on deepset, jailbreak recall on JailbreakBench. Every number is reproducible from its public source.
- 1Indirect / RAG attack detection: 99.2% recall on indirect-pia-detection (Chen et al., ACL 2025), the peer-reviewed indirect and RAG prompt-injection set.
- 2False positives on benign prompts: 0.0% on deepset/prompt-injections, 0 of 56 benign prompts blocked.
- 3Jailbreak detection: 100% recall on JailbreakBench.
The nine public benchmarks
Detecting the hardest attacks: indirect and RAG injection
Attack detection rate on the indirect-pia benchmark. Higher is better.
* Detectors trained on this exact dataset (DeBERTa and Qwen2). Vigil Guard 1.8 reaches this level without being trained on it.
Staying clean on real traffic: over-defense
NotInject benchmark, accuracy on benign prompts. Higher means fewer false alarms.
LlamaGuard-3 is the only system cleaner here, but it detects under 40% of indirect attacks. Vigil Guard 1.8 is the only one strong on both.
Who It's For
Security Teams
AI / Platform Teams
Risk & Compliance
You can't secure what you don't see.
AI is already part of your environment. Vigil Guard shows every prompt and response and blocks prompt injection and data leaks.