1. Input & Context

A malicious user asks an agent to summarize a customer record, include all PII/PHI identifiers, and then invoke a tool to email the profile details to an external location.

An undefended agent could receive the request, fulfill it and invoke an “email” tool to exfiltrate the sensitive customer data both to the malicious user and to the email address provided.

Policy snippet (copy/paste)
{
  "data": {
    "name": "AI Policy",
    "policy_mode": "IO",
    "input_detectors": [
      {
        "type": "prompt_attack",
        "threshold": "l2_very_likely"
      }
    ],
    "output_detectors": [
      {
        "type": "pii/names",
        "threshold": "l2_very_likely"
      },
      {
        "type": "pii/salaries",
        "threshold": "l2_very_likely"
      }
    ],
    "id": "policy-9b52e331-d609-4ce3-bbb9-d2b1e72a0f20"
  }
}
2. Lakera Decision

Lakera Guard’s integration points can and should cover any data retrieved from external or internal sources that are not under the organization’s strict control. This includes all agentic tool interactions, including the tool descriptions themselves.

Guard can flag the input prompt because it includes an email address, via the built-in PII input guardrails, or because of the specific external email domain, via custom guardrails.

Should the agent attempt to return the PII/PHI rich summary, Guard’s customizable Data Leakage Prevention guardrails will detect, flag, log (and redact) sensitive data.

Details of the attack are flagged to the application and logged with redactions; tool use is denied and a suitable response is returned to the user, who should be flagged as malicious.

Log & audit fields
{
  "payload": [],
  "flagged": true,
  "timestamp": "2025-11-26T12:35:22Z",
  "breakdown": [
    {
      "project_id": "project-7539648934",
      "policy_id": "policy-a2412e48-42eb-4e39-b6d8-8591171d48f2",
      "detector_id": "detector-lakera-pinj-input",
      "detector_type": "prompt_attack",
      "detected": true,
      "message_id": 0
    },
    {
      "project_id": "project-7539648934",
      "policy_id": "policy-a2412e48-42eb-4e39-b6d8-8591171d48f2",
      "detector_id": "detector-lakera-pii-17-input",
      "detector_type": "pii/names",
      "detected": true,
      "message_id": 0
    },
    {
      "project_id": "project-7539648934",
      "policy_id": "policy-a2412e48-42eb-4e39-b6d8-8591171d48f2",
      "detector_id": "detector-lakera-pii-11-output",
      "detector_type": "pii/credit_card",
      "detected": true,
      "message_id": 1
    },
    {
      "project_id": "project-7539648934",
      "policy_id": "policy-a2412e48-42eb-4e39-b6d8-8591171d48f2",
      "detector_id": "detector-lakera-pii-19-input",
      "detector_type": "pii/passport_USA",
      "detected": true,
      "message_id": 0
    },
...
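
An added example (not Lakera's code or API) of how an application could act on a screening record shaped like the log above before letting the agent run its email tool. The function name, the Decision type and the allow-listed domain are hypothetical; only the "flagged", "breakdown", "detector_type", "detected" and "message_id" fields are taken from the page, and the sample record is constructed.

```python
from dataclasses import dataclass, field

# Constructed sample shaped like the "Log & audit fields" record above,
# trimmed to the fields this example reads.
SAMPLE_RESULT = {
    "flagged": True,
    "breakdown": [
        {"detector_type": "prompt_attack", "detected": True, "message_id": 0},
        {"detector_type": "pii/names", "detected": True, "message_id": 0},
        {"detector_type": "pii/credit_card", "detected": True, "message_id": 1},
        {"detector_type": "pii/salaries", "detected": False, "message_id": 1},
    ],
}


@dataclass
class Decision:
    allow_tool: bool
    redact_output: bool
    reasons: list = field(default_factory=list)


def gate_email_tool(result, recipient, allowed_domains):
    """Decide whether the (hypothetical) email tool may run for this turn."""
    reasons = []
    flagged = result.get("flagged")
    if not isinstance(flagged, bool):
        # Fail closed: a record without a verdict is treated as flagged.
        flagged = True
        reasons.append("missing_verdict")
    hits = [b for b in result.get("breakdown", []) if b.get("detected") is True]
    for b in hits:
        reasons.append(f"{b.get('detector_type')}@msg{b.get('message_id')}")
    if flagged and not hits and "missing_verdict" not in reasons:
        reasons.append("flagged_without_breakdown")
    # Egress check on the tool argument, independent of the screening verdict.
    domain = recipient.rpartition("@")[2].strip().lower()
    external = domain not in allowed_domains
    if external:
        reasons.append(f"external_recipient:{domain}")
    pii = any(str(b.get("detector_type", "")).startswith("pii/") for b in hits)
    return Decision(
        allow_tool=not flagged and not external,
        redact_output=pii or (flagged and not hits),
        reasons=reasons,
    )
```

The reasons list is what the application would write to its own audit trail alongside the screening record.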

How Lakera Stops Regulatory and Compliance Risks

Real-Time, Context-Aware Detection

Catch instruction overrides, jailbreaks, indirect injections, and obfuscated prompts as they happen, before they reach your model.

Enforcement You Control

Block, redact, or warn. Fine-tune with allow-lists and per-project policies to minimize false positives without weakening protection.

Precision & Adaptivity

Lakera Guard continuously learns from 100K+ new adversarial samples each day. Adaptive calibration keeps false positives exceptionally low.

Broad Coverage

Protects across 100+ languages and evolving multimodal patterns, with ongoing support for image and audio contexts.

Enterprise-Ready

Full audit logging, SIEM integrations, and flexible deployment options, SaaS or self-hosted, built for production-scale GenAI systems.

Works seamlessly with enterprise environments

Optimized for your infrastructure
Lakera provides seamless integrations for all your use cases

Integrate with existing analytics, monitoring and security stack
Lakera works with Grafana, Splunk, and more

Enterprise-grade security
Built to meet highest standards including SOC2, EU GDPR, and NIST

Frequently asked questions

What audit and reporting features does Lakera provide for compliance verification?

Lakera offers detailed logs and dashboards: you can view screening request analytics and individual request details, export logs for SIEM integration, and track policy edits with full audit history.

In short, you get oversight of which projects triggered flags, when policies were changed, and a structured record of data-security events.

Can Lakera automatically mask or block regulated entities like Tax IDs or medical terms?

Yes. Lakera features built-in detection for many entity types (credit cards, SSNs, IBANs, full names, addresses) and supports custom detectors for organization-specific entities like internal IDs, tax numbers or medical terms.

Detected sensitive data can be either masked or blocked according to your policy configuration.

How does Lakera help enforce compliance with GDPR, HIPAA, or financial data policies?

Lakera Guard screens all model inputs and outputs in real time for personally identifiable information (PII) and other regulated data, masking or blocking any policy-violating content.
Additionally, its SaaS and self-host deployment options help meet regional data-handling requirements (e.g., GDPR) and provide enterprise governance controls.
