Answer box
Prompt DLP is the class of inline inspection applied to prompts sent to AI tools — detecting and redacting / blocking PII, PHI, source code, financials, secrets, customer data, and prompt-injection patterns before the prompt reaches the model. Response inspection is the inverse: the same inspection applied to the model's response before it reaches the user. Both are structurally required in 2026 because legacy DLP was built for files and email, not for the streaming prompt-and-response patterns that define enterprise AI usage. This hub covers definitions, why traditional DLP fails, per-platform coverage, and the complete AccuroAI library.
Why legacy DLP misses GenAI
| Assumption legacy DLP makes | Why it breaks for GenAI |
|---|---|
| Data moves as files and email | Prompts are real-time conversational input — not files |
| Detection at network egress is enough | Many AI tools are accessed via browser tabs, not enterprise network egress |
| Pattern matching on bounded text fields | Prompts contain pasted multi-megabyte snippets, code, structured data |
| Block-or-allow decisions | Production AI requires redact-don't-block to preserve productivity |
| One-direction inspection (outbound) | Responses can leak too — model-surfaced PII, embedded prompt injection |
| One-time policy decisions | Agentic AI requires continuous per-action policy evaluation |
The structural answer is purpose-built prompt DLP + response inspection at the AI control plane layer.
The detection categories that matter
Inspection covers eight data classes in 2026 enterprise deployments:
- PII — names, SSN, addresses, phone, email, government IDs.
- PHI — medical records, diagnoses, treatment, patient identifiers.
- Financial data — account numbers, transactions, AUM data, M&A signals.
- Source code — proprietary code, API keys embedded in code.
- Secrets — passwords, tokens, certificates, private keys.
- Customer data — customer identifiers, segment data, support transcripts.
- Strategic / M&A signals — keyword sets specific to organizational sensitivity.
- Prompt injection patterns — OWASP LLM Top 10 #1 + Agentic Top 10 ASI01 detection signatures.
A complete control runs all eight on both prompts (Capability 3 of the Workforce AI Security buyer's guide) and responses (Capability 4).
Per-platform coverage in 2026
Inspection coverage depends on where the AI tool's traffic flows:
- ChatGPT Enterprise, Claude Enterprise, Perplexity Enterprise: SAML SSO + API integration enables inline inspection at the AI control plane layer.
- Microsoft Copilot for M365: Microsoft Purview AI Hub covers DLP and labels; deeper OWASP-aligned inspection from a layered AI control plane.
- Google Gemini for Workspace: Workspace DLP plus AI control plane layer.
- Custom GPTs / Assistants: depends on architecture — most enterprise control planes wrap these via API proxying or OAuth-mediated access.
- MCP servers: custom integration; see the MCP inventory playbook.
- Browser-based shadow AI: browser-sensor architectures (Capability 1 of Workforce AI Security).
Latency budget
Inline inspection that breaks the user experience gets bypassed under load. The 2026 benchmark:
| Inspection latency p99 | Operational impact |
|---|---|
| <40ms | Imperceptible to user; deployable on every interaction |
| 40-100ms | Noticeable but tolerable; deployable with caution |
| 100-300ms | Productivity drag; users will route around |
| >300ms | Unworkable inline; only viable as post-action review |
AccuroAI's Protect layer runs at <38ms p99 across major AI platforms — the design point for inline-everywhere deployment.
All AccuroAI posts on Prompt DLP
Foundation
- AI DLP Enterprise Guide: Data Loss Prevention for GenAI — the introductory framing.
- AI DLP vs Legacy DLP: Why Your Existing Tools Miss GenAI Leaks — the structural mismatch.
Per-platform deep dives
- Microsoft 365 Copilot vs ChatGPT Enterprise: Where Each Leaks — side-by-side leak profiles.
- Microsoft 365 Copilot Oversharing — the M365 permissions story.
- Microsoft 365 Copilot Permissions: Official Reference — the documented-truth reference.
Buyer's guides
- Workforce AI Security: A 2026 Buyer's Guide — the broader workforce-side category.
- AI Visibility Tool with SAML SSO: A 2026 Enterprise Buyer's Guide — discovery + access combined with inspection.
Threat intelligence
- Prompt Injection Attacks: The 2026 Enterprise Defense Playbook — OWASP LLM #1.
- Tool Poisoning: The Supply Chain Attack Coming for Your AI Agents — how response inspection defends against tool poisoning.
FAQ
What is prompt DLP? Inline inspection of prompts sent to AI tools, detecting and redacting / blocking sensitive data and prompt-injection patterns before they reach the model.
Is prompt DLP different from regular DLP? Yes. Regular DLP was built for files and email. Prompts are streaming conversational input with different structure, latency requirements, and bidirectional inspection needs.
Does Microsoft Purview AI Hub provide prompt DLP? For Microsoft Copilot specifically, Purview AI Hub provides DLP policy enforcement. For multi-AI environments (ChatGPT Enterprise, Claude Enterprise, Gemini Workspace, custom MCP-based agents), enterprises typically layer a dedicated AI control plane above Purview.
What latency is acceptable for inline inspection? Sub-40ms p99 is the design point for inline-everywhere deployment without breaking the productivity case. Above 100ms users will route around it under load.
Does response inspection matter or is prompt inspection enough? Both matter. Response inspection catches data the model surfaces from connectors, files, or oversharing patterns; catches indirect prompt injection embedded in tool responses; and catches hallucinated PII the model invented. Prompt-only inspection misses all three.
Sources: OWASP Top 10 for LLM Applications · OWASP Top 10 for Agentic Applications 2026 · Microsoft Purview AI Hub documentation.