AI Security Gateway - Now Available

Mask sensitive prompt data before it leaves AI apps.

NeutralAI adds a compliance-first control layer for browser AI and app traffic, with masking, encrypted tokenization, and audit-ready proof for regulated teams.

Auto evidence

SOC2 readiness / GDPR-aligned / Cyber Essentials via review

Token vault

AES-256-GCM

Measured overhead

~41 ms

Live Narrative

How NeutralAI works in one view

api.neutralai.co.uk
Detect
Mask
Route
Audit

Raw input

Sanitized prompt

Audit evidence recorded

3 entities tokenized · policy PII-Mask-v3 · export-ready

How NeutralAI Protects Prompts

Intercept

Prompt traffic is captured before external model routing.

Detect

Policy-aware recognition flags sensitive identifiers early.

Mask

Sensitive values are replaced with safer tokens or sanitized references.

Audit

Evidence and policy decisions stay review-ready for security teams.

Why teams choose it

Stops raw PII and business identifiers before they reach external models
Generates compliance evidence for AI usage instead of relying on manual screenshots
Supports browser extension and managed gateway today, with private cloud/on-prem scoped through enterprise review
Helps legal and security approve AI adoption without blocking everyday workflows
AES-256-GCM vaultSOC2 readinessGDPR-aligned controlsCyber Essentials via review20+ PII entity types10-language benchmark

Social Proof

Proof buyers can verify.

Evidence for regulated teams: supported industries, public benchmark scope, measured gateway overhead, and evaluation patterns without invented customer claims.

Proof-backed metrics

Concrete signals buyers can verify.

These numbers come from product surfaces, benchmark artifacts, and documented website claims. Production usage counts and customer outcomes are published only when an approved source exists.

SignalWhy it matters

20+

PII entity types

Names, contacts, account identifiers, cards, IBANs, NHS-style IDs, and custom rules.

10

benchmark languages

Current multilingual benchmark scope across English, Turkish, German, French, Spanish, and more.

99.8%

public overall F1

Gateway-owned product benchmark, not a third-party independent evaluation.

~41 ms

measured overhead

NeutralAI gateway overhead measured separately from model generation time.

Finance evaluation pattern

A regulated team wants AI summaries without leaking customer identifiers.

NeutralAI sits in front of prompt traffic, masks payment and contact details, and gives security reviewers evidence before wider rollout.

Buyer outcome: safer evaluation path before approving production AI workflows.

Healthcare evaluation pattern

A healthtech team needs useful AI output while reducing raw PHI exposure.

Prompts keep operational context while direct patient identifiers are tokenized or removed before external model routing.

Buyer outcome: clearer BAA and deployment review conversations without blanket compliance claims.

Adoption Without Friction

Secure AI usage without changing habits

NeutralAI works best when adoption does not require a behaviour reset. Teams keep familiar browser-based AI tools while NeutralAI adds prompt protection, auth context, and policy support in the background.

No retraining project just to start using AI more safely
No forced portal switch for teams already working in browser-based tools
A better rollout story because security arrives without workflow drag
Browser extension

Same tab. Same prompt box. Protected underneath.

NeutralAI can protect browser-based AI usage in the flow people already know, which is exactly why adoption can move faster.

Extension active

User Experience

People keep the workflow. NeutralAI adds the protection layer.

What Users Feel

No workflow disruption, no extra friction, and no new daily habit to learn.

What Security Gets

A real control point over browser-based AI usage instead of hoping people self-police prompts.

Deployment Options

One product, multiple deployment paths

NeutralAI is not a single hosting story. Teams can choose the operating model that fits their risk posture, infrastructure constraints, and rollout speed.

NeutralAI

SaaS

Fastest path for teams that want managed rollout

Use NeutralAI as a managed service when you want speed, lower operational overhead, and a simpler path into protected AI usage.

NeutralAI

Private Cloud

For teams that need stronger environment control

Run NeutralAI in a customer-controlled cloud environment when governance, network boundaries, or data posture require more separation.

NeutralAI

On-Prem

For regulated deployments with strict infrastructure requirements

Deploy NeutralAI inside your own infrastructure when policy, compliance, or customer obligations demand the highest level of control.

Why It Matters

AI usage grows faster than approval paths.

The real problem is not just privacy. It is losing the ability to approve AI usage with confidence before shadow workflows become normal.

NeutralAI creates the yes-path, not just another warning.

Legal buyer signal

Law firms get blocked when confidentiality concerns, breach-response duties, and client trust reviews arrive before a safe AI control path exists.

See legal AI use case

Sensitive data leaves first

Client names, matter IDs, claim references, transcripts, and internal context can leave the boundary before policy is applied.

Security becomes the blocker

Without a visible control point, legal and security teams struggle to answer confidentiality, breach, and insurer review questions.

Shadow AI becomes normal

When approved workflows lag behind demand, people improvise with unmanaged tools and client trust erodes before procurement can respond.

Live Preview — No Signup

See masking in action

Type or paste any text containing sensitive data below. Watch PII get masked in real time — no account, no network call.

1× PERSON1× EMAIL1× CREDIT_CARD1× NI_NUMBER1× PHONE

Masked Output

5 entities masked
Hi, I'm <PERSON>, email <EMAIL>, card <CREDIT_CARD>, NI number <NI_NUMBER>, phone <PHONE>.

Detected & masked

  • PERSONJohn Doe<PERSON>
  • EMAIL[email protected]<EMAIL>
  • CREDIT_CARD4111 1111 1111 1111<CREDIT_CARD>
  • NI_NUMBERAB 12 34 56 C<NI_NUMBER>
  • PHONE+44 7700 900 123<PHONE>

Live preview uses client-side regex heuristics only. The gateway uses Presidio + NER for production-grade detection. Try the full playground for server-side accuracy.

How It Works

Three steps. One control layer.

NeutralAI sits between the workflow and the model, intercepting traffic before raw sensitive values continue downstream.

01

Intercept

Traffic hits NeutralAI before it reaches the external model.

02

Neutralize

Sensitive values become safer tokens or sanitized references.

03

Forward

Only the cleaned request continues downstream.

Detection Engine

The technical detail buyers ask for, without the wall of docs.

NeutralAI combines real-time recognizers, semantic validation, tenant rules, and masking mode controls so security teams can understand what happens before prompt egress.

Stage 1

Presidio NER + Pattern Matching

Real-time recognizers catch common personal, financial, regional, and network identifiers before the request moves downstream.

Stage 2

Semantic Validation via Qdrant vector DB

Context checks help reduce false positives before policy decisions, with confidence thresholds configurable per entity type.

Entity Types Grid

Visible coverage for common PII classes

tenant rules
EMAIL
PHONE_NUMBER
PERSON
CREDIT_CARD
IBAN
IP_ADDRESS
SSN
UK_NHS_NUMBER
TR_ID_NUMBER
TR_VAT_NUMBER
Custom rules

Benchmark Coverage

ENEnglish
TRTurkish
DEGerman
FRFrench
ESSpanish
ITItalian
PTPortuguese
ARArabic
NLDutch
PLPolish

Current multilingual benchmark scope covers 10 target languages; additional packs should be promoted after approved benchmark releases.

Masking Modes

Irreversible

<EMAIL>

Sensitive value is removed from the prompt path.

Reversible

<EMAIL_token_abc123>

Token is stored in an encrypted vault and retrievable only with authorization.

Two-stage detection

Presidio NER and pattern matching with semantic validation using Qdrant.

Encrypted token vault

AES-256-GCM-backed reversible tokenization for governed restore paths.

Entity coverage

EMAIL, PHONE_NUMBER, PERSON, CREDIT_CARD, IBAN, SSN, TR_ID_NUMBER, UK_NHS_NUMBER, and custom rules.

Policy tuning

Configurable confidence thresholds per entity type and multilingual detection coverage.

Why Trust NeutralAI

Proof your security team can trust.

NeutralAI goes beyond masking by combining policy enforcement, encrypted tokenization, audit-ready evidence, and deployment options built for regulated AI adoption.

Compliance evidence automation

NeutralAI gives teams a control point that can produce audit-ready proof instead of leaving AI usage invisible.

Reversible vault tokenization

Sensitive values can be replaced with encrypted tokens before model egress, then restored only through governed paths.

Managed now, private cloud/on-prem planning

Teams can start with managed SaaS and move toward stricter deployment models as governance demands increase.

Benchmark proof

Measured against a reproducible Presidio-vanilla baseline.

NeutralAI combines proven open-source detection primitives with multilingual calibration, masking, and enforcement layers. The gateway repo remains the measurement source of truth, while the website links buyers to the published methodology and benchmark surface.

Product benchmark, not a third-party independent evaluation.

Public overall F1

99.8%

Holdout overall F1

98.4%

Holdout PERSON F1

92.7%

Healthcare trust

HIPAA-ready deployment support without blanket claims.

NeutralAI helps healthcare and healthtech teams protect PHI before prompts reach AI providers, with PHI-aware controls, audit evidence, and BAA review support for eligible deployments.

Not legal advice. BAA terms, deployment model, and customer obligations require review.

PHI-aware masking

Patient names, contact details, medical record numbers, health plan/member IDs, and device/UDI-style identifiers can be handled before model routing.

Minimum-necessary posture

Prompts keep useful clinical or operational context while direct identifiers are reduced before they leave the approved workflow.

Review-ready evidence

Audit metadata, breach workflow support, and an evidence pack are available under review/NDA without putting raw PHI into standard reports.

BAA review support

BAA review is available for eligible healthcare deployments, with final terms and deployment responsibilities reviewed commercially.

Document proof

Protect files before document content reaches AI workflows.

NeutralAI document handling extends PII protection beyond chat prompts, with document-aware extraction, redaction output, and audit-safe finding metadata for supported upload flows.

Supports simple text PDFs today. OCR-backed image detection depends on configured OCR runtime.

PDF redaction

Supports simple text PDFs today and returns generated PDF output with visual blackout marks.

Office and images

Extracts Office document text and supports OCR-backed image detection when OCR is configured.

Audit-safe metadata

Records file hash, page count, finding counts, and approximate locations without raw sensitive text in standard logs.

Operational Signals

Live product. Easy to verify.

You can quickly check that NeutralAI is live: api.neutralai.co.uk is public, benchmark pages are published, and gateway latency is tracked separately from model response time.

GET api.neutralai.co.uk/health
GET api.neutralai.co.uk/ready

Pricing

Pricing is being finalised

We are finalising our published pricing ahead of commercial launch. Plans start free, and paid tiers are sized for small and mid-sized regulated teams — talk to us for current plans and early-access pricing.

Start in minutes

Put the control layer in place before the rollout gets messy

NeutralAI is for teams that already know AI usage is happening and want a credible way to reduce prompt risk without slowing everyone down.

Need a security or commercial conversation first? Contact NeutralAI.