VamiGuard is the leading data-loss-prevention platform purpose-built for generative AI. Detect, redact, govern and audit every prompt — across browsers, desktop apps, IDEs and APIs, centrally managed, sovereignly hosted on Open Telekom Cloud.
Microsoft Edge · coming soon
The category-defining DLP for generative AI
VamiGuard delivers the four DLP capabilities every responsible GenAI deployment requires — from the first keystroke to the audit report.
Sensitive data is detected the moment it is typed — patterns, named entities, semantic context.
Tokens are replaced with placeholders before the prompt leaves the endpoint. The mapping stays local.
Central policies decide whether a finding is monitored, alerted, soft-blocked or hard-blocked — per group and channel.
Every decision is logged in pseudonymised form and is exportable to Splunk, Sentinel, QRadar or Elastic.
Built-in patterns cover the data types your auditors ask about — custom patterns can be added freely. New patterns roll out without redeployment.
Every pattern is switchable per group. Detected values receive a stable placeholder such as <EMAIL_1>, mapped consistently across the conversation.
Add plain-text terms (project codenames, internal product names) or full regex. Patterns can be imported and exported as YAML across teams.
When Claude or ChatGPT returns a code snippet that references <TOKEN_1>, VamiGuard transparently substitutes the original value back — the user gets working code, the LLM never saw the value.
<TOKEN_1>Most input is harmless and is cleared in milliseconds. Only truly ambiguous content reaches the deepest layer — low latency, high accuracy.
Email, IBAN, credit cards, AWS keys, JWT, GitHub tokens, passwords. Runs entirely on device — the prompt never leaves it.
A local NER model recognises people, organisations, addresses, project names — augmented by your own word lists.
Only ambiguous prompts reach the EU-hosted guard model — already pre-redacted. Categories are configurable per tenant.
Every detection rule binds to one of four response modes. Different groups, channels and times of day can run different modes simultaneously.
Silent observation. Events are logged for reporting. Ideal for the learning phase.
Visible warning. The user can still submit. Optionally with a notification to manager or SOC.
Submit is paused. The user enters a written justification — auditable and retrievable.
The submit path is removed. Three-layer enforcement via MDM, network and Conditional Access.
Browser alone is not enough. VamiGuard covers desktop apps, IDEs, mobile devices and server calls — all governed by a single central policy.
VamiGuard Cloud runs exclusively in the EU on Open Telekom Cloud — operated by T-Systems under German law. Or fully on your own infrastructure.
Three availability zones in the region eu-de. KMS-backed encryption with optional BYOK in your own HSM. No US parent company. No CLOUD Act exposure. Full audit-trail ownership in the on-premises tier.
The browser extension is and remains free, open source and Apache-2.0. Central management is added on top whenever you are ready — data sovereignty stays with you in any case.
Browser extension installed by the user. Local patterns, local mapping, no telemetry, Apache-2.0 licensed.
Multi-tenant SaaS on Open Telekom Cloud. Central console, four policy modes, SIEM integration, 99.5 % SLA.
Helm chart for your own data centre or OTC tenancy. Air-gap-capable. Bring your own LLM and HSM. Audit-trail ownership.
Try the free open-source extension on Chrome today. Reach out to us as soon as you want to bring central management to your organisation.
Contact us for an individual consultation and security solution tailored to your requirements.
Valeri Milke, CEO of VamiSec
"Only when all instruments are well-tuned does your organization become secure and compliant."
