
Frequently Asked Questions (FAQ)

Got questions? We've got answers...

Updated over 2 weeks ago

GenAI service intercept

Which public GenAI services support prompt intercept?

SurePath AI provides sensitive data detection on the most commonly used public GenAI services. To identify which services support prompt intercept, navigate to Public Services in the GOVERN section of the Admin UI. Services that display PROMPT INTERCEPT support can be fully monitored and governed with sensitive data controls. The Public Service Catalog is continuously updated as new services are discovered and evaluated for intercept capabilities.

How does sensitive data detection work?

SurePath AI uses two complementary mechanisms to detect sensitive data in prompts and responses. Content Controls inspect requests for risky patterns including harmful content, prompt injection, high-risk heuristics, code, and confidential data. PII Detection focuses specifically on personally identifiable information entities such as phone numbers, credit card numbers, email addresses, Social Security numbers, person names, and others. Organizations can filter PII entities by compliance category including GDPR, CCPA/CPRA, PCI/DSS, HIPAA, GLBA, and FERPA. Detection supports multiple actions including Monitor, Warn, Tag, Mask, Delete, Synthesize, and Block, allowing organizations to balance security requirements with user productivity.
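To make the action semantics above concrete, here is an added example (written for this page, not SurePath AI's implementation) that runs a few constructed regex detectors for four of the entity types named above and then applies one global action to everything found. The entity names, the compliance-category mapping, and the `<ENTITY>` placeholder used for Mask are assumptions; the Luhn check on card candidates is a standard way to avoid flagging every 16-digit string as a PAN. Warn and Synthesize are left out because they need a user prompt or a fake-data generator, respectively.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    MONITOR = "Monitor"  # log findings, forward the prompt unchanged
    TAG = "Tag"          # forward unchanged, prefixed with the entity types found
    MASK = "Mask"        # replace each value with an <ENTITY> placeholder
    DELETE = "Delete"    # remove each value outright
    BLOCK = "Block"      # refuse to forward the prompt at all


@dataclass
class Finding:
    entity: str
    start: int
    end: int
    value: str


@dataclass
class Decision:
    allowed: bool
    text: str
    findings: list = field(default_factory=list)


# Constructed detectors for four of the entity types named on the page.
# The patterns are illustrative, not SurePath AI's.
PATTERNS = {
    "EMAIL_ADDRESS": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "US_SSN": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "PHONE_NUMBER": re.compile(r"\b(?:\+1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){13,18}\d\b"),
}

# Assumed compliance-category tags: the page says SSN, phone and email carry a
# HIPAA tag and lists PCI DSS as a supported category.
COMPLIANCE = {
    "HIPAA": frozenset({"US_SSN", "PHONE_NUMBER", "EMAIL_ADDRESS"}),
    "PCI": frozenset({"CREDIT_CARD"}),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def detect(text: str) -> list[Finding]:
    """Return non-overlapping findings, preferring the longest match at each offset."""
    candidates = []
    for entity, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if entity == "CREDIT_CARD" and not luhn_ok(re.sub(r"\D", "", value)):
                continue  # 14-19 digits that fail Luhn are not treated as a card
            candidates.append(Finding(entity, m.start(), m.end(), value))
    candidates.sort(key=lambda f: (f.start, -(f.end - f.start)))
    findings, cursor = [], -1
    for f in candidates:
        if f.start >= cursor:
            findings.append(f)
            cursor = f.end
    return findings


def enforce(text: str, action: Action, enabled: frozenset | None = None) -> Decision:
    """Apply one global action to every enabled entity found in the prompt."""
    findings = detect(text)
    if enabled is not None:
        findings = [f for f in findings if f.entity in enabled]
    if not findings:
        return Decision(True, text, findings)
    if action is Action.BLOCK:
        return Decision(False, "", findings)
    if action is Action.MONITOR:
        return Decision(True, text, findings)
    if action is Action.TAG:
        labels = ", ".join(sorted({f.entity for f in findings}))
        return Decision(True, f"[pii: {labels}] {text}", findings)
    # MASK and DELETE rewrite from the end so earlier offsets stay valid.
    out = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        replacement = f"<{f.entity}>" if action is Action.MASK else ""
        out = out[: f.start] + replacement + out[f.end :]
    return Decision(True, out, findings)


# Constructed sample prompt; the card number is the well-known Visa test PAN.
SAMPLE = ("Email jane.doe@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, call 555-867-5309 about the invoice.")

if __name__ == "__main__":
    for action in Action:
        d = enforce(SAMPLE, action)
        print(f"{action.value:8} allowed={d.allowed} -> {d.text}")
    print("HIPAA only:", enforce(SAMPLE, Action.MASK, COMPLIANCE["HIPAA"]).text)
```

Passing `COMPLIANCE["HIPAA"]` as the enabled set mirrors filtering the PII entity list by compliance category: the card number is then left untouched while the HIPAA-tagged entities are masked.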

How long is conversation data stored?

SurePath AI stores conversation data encrypted in its own database, with a configurable retention period. The default is indefinite retention, so organizations with storage-limitation obligations (under GDPR, for example) should set an explicit retention period rather than rely on the default. Organizations can also export this data to external telemetry destinations for independent management. Once exported, the organization is responsible for securing the data and managing its lifecycle; SurePath AI cannot delete information from customer-managed external destinations.

Where can log data be exported?

SurePath AI supports exporting telemetry data to multiple destination types including AWS S3 buckets, Splunk HEC indexes, and generic HTTPS endpoints. Organizations can configure telemetry destinations to export User Events and Audit Events automatically. Exported data is delivered in NDJSON format with gzip compression, organized by UTC timestamps for easy integration with SIEM and log management tools. The platform uploads new telemetry files every 15 minutes, providing near-real-time visibility into GenAI usage and policy enforcement across the organization.
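As an added example of consuming that export format (written for this page, not SurePath AI's code, and against an assumed record layout), the following Python reads one gzipped NDJSON file the way a SIEM ingest script would: streaming, tolerant of a truncated last line, filtering on the UTC timestamp, and summarizing Block decisions per service and per user. The sample records and their field names (`ts`, `event`, `user`, `service`, `action`, `entities`) are constructed for the example; the real export schema is whatever the platform documents.

```python
from __future__ import annotations

import gzip
import io
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed records standing in for one 15-minute export file. The field
# names are assumptions for this example, not the platform's documented schema.
SAMPLE_RECORDS = [
    {"ts": "2024-05-01T10:00:12Z", "event": "user_event", "user": "a@example.com",
     "service": "genai-a.example", "action": "Block", "entities": ["US_SSN"]},
    {"ts": "2024-05-01T10:03:40Z", "event": "user_event", "user": "b@example.com",
     "service": "genai-b.example", "action": "Block", "entities": ["CREDIT_CARD"]},
    {"ts": "2024-05-01T10:07:05Z", "event": "audit_event", "user": "admin@example.com",
     "action": "policy_update"},
    {"ts": "2024-05-01T10:11:59Z", "event": "user_event", "user": "a@example.com",
     "service": "genai-a.example", "action": "Block", "entities": ["US_SSN", "PHONE_NUMBER"]},
]
# A deliberately truncated final line, as a file cut mid-write might have.
SAMPLE_BLOB = gzip.compress(
    ("\n".join(json.dumps(r) for r in SAMPLE_RECORDS)
     + '\n{"ts": "2024-05-01T10:13:00Z", "event": "user_ev').encode("utf-8")
)


def read_ndjson_gz(blob: bytes):
    """Stream one gzipped NDJSON file, yielding (line_no, record), or (line_no, None) for a bad line."""
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.decode("utf-8", errors="replace").strip()
            if not line:
                continue
            try:
                yield line_no, json.loads(line)
            except json.JSONDecodeError:
                yield line_no, None  # keep going: one bad line must not drop the batch


def parse_ts(value: str) -> datetime:
    """Parse an RFC 3339 UTC timestamp such as 2024-05-01T10:00:12Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def summarize(blob: bytes, since: datetime | None = None, repeat_threshold: int = 2) -> dict:
    """Count Block decisions per service and per user; list users at or over the threshold."""
    total, malformed = 0, []
    by_service, by_user = Counter(), Counter()
    for line_no, rec in read_ndjson_gz(blob):
        if rec is None:
            malformed.append(line_no)
            continue
        if since is not None and parse_ts(rec["ts"]) < since:
            continue
        total += 1
        if rec.get("event") == "user_event" and rec.get("action") == "Block":
            by_service[rec["service"]] += 1
            by_user[rec["user"]] += 1
    return {
        "events": total,
        "blocked_by_service": dict(by_service),
        "blocked_by_user": dict(by_user),
        "repeat_offenders": sorted(u for u, n in by_user.items() if n >= repeat_threshold),
        "malformed_lines": malformed,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_BLOB))
    print(summarize(SAMPLE_BLOB, since=parse_ts("2024-05-01T10:05:00Z")))
```

Because files arrive every 15 minutes, a collector that fails the whole batch on one malformed line silently loses the other events in that window; recording the bad line numbers and continuing is the safer default, with the malformed count itself worth alerting on.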

Does SurePath AI act as a proxy for public services?

Yes, SurePath AI acts as a proxy for public GenAI services to intercept and govern requests before they reach external providers. This proxy architecture enables prompt inspection, sensitive data detection, content controls, and comprehensive audit logging. The Private Portal operates differently—users access it directly without proxy interception because it connects to models contracted and operated by the organization within their own cloud environment.

Is SurePath AI dependent on external DLP platforms?

No. SurePath AI performs all sensitive data detection and remediation natively within the platform and does not require or depend on an external data loss prevention (DLP) platform to identify and handle sensitive information in GenAI interactions. This integrated approach keeps policy enforcement consistent and reduces the number of security tools to manage.

What is the difference between prompt intercept and access control?

SurePath AI provides two levels of governance for public GenAI services. Services with PROMPT INTERCEPT support allow SurePath AI to inspect, log, and modify user prompts and AI responses, enabling sensitive data detection, content controls, and policy enforcement before requests reach the external service. Services with ACCESS CONTROL support can only be allowed or blocked based on policy, but SurePath AI cannot record, evaluate, or prevent sensitive data from being transmitted to these sites. Organizations should remind users that ACCESS CONTROL sites do not provide the same level of data protection as PROMPT INTERCEPT sites.

Deployment and configuration

How long does it take to deploy SurePath AI?

With the proper technical resources on a call, SurePath AI can be deployed in less than an hour. The deployment process integrates with existing security infrastructure through SASE vendor-specific forward proxy chaining, proxy PAC distribution, or other network integration methods. Organizations can begin with monitoring-only configurations to understand GenAI usage patterns before progressively implementing stronger controls and policies.

How long does it take to add new services to the public service catalog?

SurePath AI can typically add new public GenAI services to the catalog in less than a day when requested. Organizations should submit the URL of the new service to SurePath AI for evaluation and inclusion. New services are initially added with ACCESS CONTROL support, with PROMPT INTERCEPT capabilities evaluated and added based on technical feasibility and customer demand.

How often is the public GenAI service list updated?

SurePath AI continuously updates the Public Service Catalog as new GenAI services are discovered or brought to the team's attention. Updates can occur at any time as the GenAI landscape evolves. Organizations using network redirection tools should plan to update their configurations periodically—typically no more than once per week unless a specific service requires immediate governance. The Admin UI always reflects the current catalog, and admins can enable or disable services as they become available.

Can we redirect users from one public AI site to another?

Yes. SurePath AI provides the capability to redirect users from public GenAI sites to alternative destinations. Organizations can redirect users to the SurePath AI Private Portal or to a URL of their choice, including another public GenAI service. This feature is particularly useful for organizations that have purchased enterprise AI licenses and want to steer users toward approved, contracted services instead of allowing access to unmanaged public tools.

Policy and governance

What HIPAA identifiers can be detected?

SurePath AI can detect multiple HIPAA-tagged PII entities including phone numbers, email addresses, Social Security numbers, passport numbers, driver's license numbers, medical license numbers, and other identifiers relevant to HIPAA compliance. Admins can filter PII entities by compliance category in the Admin UI to view and enable the specific HIPAA-related entities appropriate for their use case. Each entity can be individually enabled or disabled, and a global action applies to all enabled entities including Monitor, Warn, Tag, Mask, Delete, Synthesize, or Block.

Can we add custom sensitive data types?

Custom sensitive data types are not currently supported. In the future, SurePath AI will add the capability for organizations to define and add their own fields to the existing PII Detection list. Organizations needing custom detection patterns should contact SurePath AI to discuss their specific requirements and timeline for this capability.

Can sensitive data settings apply to the Private Portal?

Sensitive data controls do not currently apply to the Private Portal. The Private Portal connects to foundation models that are contracted by the organization with their cloud provider and do not train on or retain customer data. These models should be treated as internal resources similar to other enterprise systems and typically do not require the same level of data redaction as public services. SurePath AI can add sensitive data detection for the Private Portal in the future if organizations have specific use cases that require this capability.

Can we control which LLM version users select on public GenAI tools?

No. SurePath AI does not currently have the capability to control which specific LLM version or model variant users select when interacting with public GenAI services. Organizations can control access to entire services through the Public Service Catalog, but granular model version control within those services is not supported at this time.

Compliance and security

Does SurePath AI train on or store customer data?

SurePath AI does not train on customer data or retain information for training purposes. The platform stores user activity logs and conversation data to enable retrieval, auditing, and analytics for customers. Organizations can configure their own data retention period based on their compliance and business requirements. By default, retention is set to indefinite, allowing organizations to maintain historical data for as long as needed. Organizations can also export telemetry data to their own external destinations for independent management and long-term retention.

What compliance frameworks are supported?

SurePath AI helps organizations meet obligations under multiple compliance frameworks by limiting personal and confidential data sent to external AI services and producing auditable records of usage. The platform provides relevant support for GDPR and CCPA/CPRA privacy regulations, HIPAA healthcare data protection, PCI DSS payment card security, GLBA financial services privacy, and FERPA education records protection. PII Detection entities are tagged with compliance category indicators to help organizations identify and enable detection for entities relevant to their regulatory requirements. The platform also supports organizational programs aligned with ISO 27001, NIST 800-53/171, DORA, and AI Act readiness.

What is SurePath AI's security certification status?

SurePath AI holds a SOC 2 Type 1 report, and a SOC 2 Type 2 audit is currently underway. A Type 1 report attests that controls for availability, confidentiality, and processing integrity are suitably designed at a point in time; a Type 2 report additionally attests that they operated effectively over an observation period. Organizations evaluating SurePath AI can request the current report and audit documentation through their account team.

Does SurePath AI support GovCloud or FedRAMP deployments?

SurePath AI does not currently support GovCloud or FedRAMP deployments. However, if customers require these specialized deployment environments, SurePath AI will work with them to implement the necessary compliance and infrastructure requirements to support their needs.

Access and features

Do all customers have access to all features?

Yes. SurePath AI operates with a single tier of service, and all customers have access to the complete set of features and functionality offered by the platform. There are no feature restrictions or tiered licensing models. Organizations can leverage the full capabilities of SurePath AI including public service governance, Private Portal access, sensitive data detection, policy management, telemetry export, and all integration options.

How does RBAC work for Data Sources?

Data Sources use role-based access control through directory services integration. Users are assigned to groups in the organization's directory services (such as Microsoft Entra or other identity providers), and those groups are then mapped to specific Data Sources within SurePath AI. When users access the Private Portal, they can only query and retrieve information from Data Sources that their assigned groups have been granted access to, ensuring that sensitive organizational data remains protected according to existing access control policies.

Private Portal

What is the Private Portal?

The SurePath AI Private Portal is a personalized interface that provides users with access to foundation models and AI capabilities deployed within the organization's own cloud environment. The portal connects to models contracted by the organization with their cloud provider, enabling employees to leverage advanced AI capabilities while maintaining complete control over data privacy and model access. The portal supports features including conversation history, file uploads, data source integration through retrieval augmented generation (RAG), and customizable assistants tailored to specific organizational workflows.

How is the Private Portal different from public service governance?

The Private Portal operates through direct access rather than proxy interception. When users access the Private Portal, they connect directly to foundation models that are contracted and operated by the organization within their own cloud infrastructure. These models do not train on or retain customer data, making them more appropriate for sensitive use cases. In contrast, public service governance relies on a proxy architecture that intercepts traffic destined for external AI providers, enabling SurePath AI to inspect prompts, detect sensitive data, and enforce policy before a request reaches the external provider.

Does the Private Portal require sensitive data controls?

The Private Portal does not require sensitive data controls in most cases. Because the portal connects to foundation models contracted by the organization with their cloud provider that do not train on or retain user data, these resources should be treated similarly to other internal enterprise systems. Organizations typically do not need data redaction for queries to their own private models. However, SurePath AI can add sensitive data detection capabilities for the Private Portal in the future if organizations identify specific use cases that require this additional layer of protection.
