AIDR

AI DETECTION & RESPONSE

AI is already inside your company.

Nobody is watching it.

Every prompt. Every response. Every AI interaction under control. Employees, applications, and autonomous agents operate within a single security layer.

Native sensitive data detection, built-in content moderation, and GDPR compliance.

Supported by

NVIDIA InceptionGoogle for StartupsAI ChamberCyberMadeInPoland
AI ATTACK SURFACE

Language is now an attack vector

The prompt, the model's response, and the agent's actions are now a real attack surface that traditional tools cannot see.

0%

of data breaches involve unauthorized AI use (Shadow AI)

IBM, 2025

0%

of organizations that suffered a breach of an AI model or application had no access controls for those systems

IBM, 2025

33% → 0%

the one-year rise in the share of threat actors using AI in higher-risk attacks

Anthropic, 2026

Shadow AI

Employees paste internal documents into public models, and you have no idea who, when, or what went in.

Prompt injection

A crafted instruction, sent directly or hidden inside content, forces an AI application to act outside its own rules.

Agent hijacking

An autonomous agent performs a privileged action on someone else's command, a password reset or an email change, without checking who is really asking.

Semantic drift

The assistant quietly steps outside its role: an invoicing bot starts advising on unrelated matters or reaching for data beyond its context.

HARDEST TO DETECT: INDIRECT PROMPT INJECTION

The attacker never writes to the model directly. The instruction is hidden inside content the assistant will process anyway: an email, a document, a ticket description, a web page, or a notification. The model reads that content into the same context as the user's commands and runs it as an instruction, even though no one consciously issued it. That is how an agent can send data out or take an action the owner never authorized.

External content and the user's command reach the model as one stream of tokens. The model does not know what is data and what is a command. That boundary has to be enforced outside the model, in real time.

HOW IT WORKS

How Vigil Guard Works

All decisions are made in real time without impacting application performance.

Input

A prompt, a model response, or an agent action reaches Vigil Guard.

Detection

Parallel branches analyze it in a single call, in a few hundred milliseconds.

Decision

The arbiter returns one verdict: ALLOW, SANITIZE, or BLOCK.

ChatGPTSOURCE: PLUGINAI AgentSOURCE: AGENTChatGPTDESTINATION: PLUGINAI AgentDESTINATION: AGENT

What we detect

Prompt injection (direct and indirect) · Language detection · Semantic drift · Content moderation · Sensitive data (PII) · Length Guard (token limit)

Multilingual, global PII: SSN, AU Medicare, UK NHS, IBAN and moreOn-premise and air-gappedFull SIEM integration, cloud and on-premise
Vigil Guard AIDR dashboard showing real-time prompt injection detection stream

Compatible With

OpenAI
Anthropic
Google
Meta
Mistral
n8n
Microsoft
xAI
LiteLLM
Bielik.ai

Complete AI Security Platform

Monitor, control, and secure every AI interaction across your organization, from employee tools to autonomous agents.

Proven Performance

0%1

Indirect / RAG attack detection

0%2

False positives on benign prompts

0%3

Jailbreak detection

Vigil Guard 1.8.x measured against nine public, external benchmarks, listed below. Headline figures: indirect and RAG recall on the peer-reviewed indirect-pia set (ACL 2025), false positives on deepset, jailbreak recall on JailbreakBench. Every number is reproducible from its public source.

  1. 1Indirect / RAG attack detection: 99.2% recall on indirect-pia-detection (Chen et al., ACL 2025), the peer-reviewed indirect and RAG prompt-injection set.
  2. 2False positives on benign prompts: 0.0% on deepset/prompt-injections, 0 of 56 benign prompts blocked.
  3. 3Jailbreak detection: 100% recall on JailbreakBench.

Detecting the hardest attacks: indirect and RAG injection

Attack detection rate on the indirect-pia benchmark. Higher is better.

Vigil Guard 1.8
99.2%
Trained detectors *
97 to 99%
Meta Prompt-Guard
up to 86%
LlamaGuard-3
≤ 39.1%

* Detectors trained on this exact dataset (DeBERTa and Qwen2). Vigil Guard 1.8 reaches this level without being trained on it.

Staying clean on real traffic: over-defense

NotInject benchmark, accuracy on benign prompts. Higher means fewer false alarms.

LlamaGuard-3
99.7%
Vigil Guard 1.8
97.4%
Lakera Guard
87.6%
GPT-4o
86.7%
ProtectAI v2
56.6%
Meta Prompt-Guard
0.9%

LlamaGuard-3 is the only system cleaner here, but it detects under 40% of indirect attacks. Vigil Guard 1.8 is the only one strong on both.

Who It's For

Security Teams

Visibility, control and auditability.

AI / Platform Teams

Security without slowing innovation.

Risk & Compliance

Lower AI risk and improved audit readiness. GDPR compliance.

You can't secure what you don't see.

AI is already part of your environment. Vigil Guard shows every prompt and response and blocks prompt injection and data leaks.