Secure every prompt to every model.
Source code, API keys, and customer data flow into models you do not control. Bastion inspects every prompt in real time, redacts what is sensitive, and blocks the models you have not approved.
[Problem]
Every prompt is an unguarded exit.
The moment a prompt leaves the device, your data is in someone else's training pipeline. Most teams have no idea what is leaving, or to which model.
01
Developers paste secrets into chat.
Source code, access keys, and environment variables go into ChatGPT and Claude every day, with no record and no recall.
02
Unapproved models slip in.
DeepSeek, an unknown endpoint, a new model that launched this morning. Each one is a new place your data can land.
03
No audit trail when it matters.
When a customer or auditor asks what data reached which model, guesswork is not an answer.
[How it works]
Inspect, redact, decide. In under 5ms.
Bastion sits inline as a transparent proxy on the device. Every prompt and API call is inspected before it leaves, with no integration and nothing leaving your network by default.
Real-time prompt inspection
Every prompt, API call, and tool call is inspected inline. Secrets, source code, and PII are caught before the request leaves the device, in under 5ms.
Redact instead of block
Replace a secret with a placeholder before the prompt is sent, so the model still answers and your team keeps working. No broken workflows.
Model allow and block lists
Approve the models you trust and block the rest, per team or per data classification. Kill a risky model across the whole company in one move.
Full audit trail, on your terms
Every prompt-to-model decision can be logged for evidence. Logging is opt-in and yours to control, off until you turn it on.
[Models]
Works with every major LLM.
OpenAI, Anthropic, Google, Meta, Mistral, DeepSeek, and the next one that ships. One integration layer covers them all, so a new model is a policy decision, not an engineering project.
[Trust]
Works everywhere. Leaks nothing.
Privacy by design
Detection runs locally on the device. Nothing leaves your network by default, and prompt logging is opt-in.
- >Detection engine runs locally on the endpoint
- >Nothing leaves your network by default
- >Request and response logging is opt-in
- >Your intellectual property stays yours
Transparent AI proxy
All AI traffic flows through Bastion's transparent proxy with negligible latency. Teams never notice it is there.
- >Around 100ms at P99, invisible against multi-second AI responses
- >Real-time inspection of prompts, responses, and tool calls
- >Works across browser, IDE, CLI, and API traffic
- >Coexists with your VPN and DNS proxy
Managed and current
Our threat intelligence team maintains the detections and model catalog, so your coverage keeps pace with the market.
- >New models and detections shipped as they emerge
- >Pre-built redaction patterns for secrets, keys, and PII
- >Custom data patterns and regex rules
- >Evidence mapped to ISO 27001, ISO 42001, EU AI Act, and SOC 2
[FAQ]
Frequently asked questions
It is configurable. The detection engine runs locally on the endpoint, so by default nothing is stored, logged, or transmitted to our servers. You decide whether prompt logs are kept, so you can stay fully local or enable logging when you need an audit trail.
No. Redaction happens in under 5ms on the device, and the proxy adds around 100ms at P99, invisible against the multi-second responses models already take.
Our threat intelligence team ships detections for new models as they launch, and you can add a model to your allow or block list in a single move. You never have to chase the landscape yourself.
Yes. Every rule can run in monitor-only mode first, so you see exactly what would be redacted or blocked before you enforce anything.
Bastion generates the AI governance evidence your auditor needs, including model inventories, redaction policies, and access decisions, mapped to ISO 27001, ISO 42001, the EU AI Act, and SOC 2.
[Coverage]
One proxy. Every surface.
This is one of four layers in Bastion's AI governance module. Explore the rest.
[Get Started]
See what your prompts are really carrying.
Turn on inspection in an afternoon, watch what would leave in monitor-only mode, then switch on redaction and model controls when you are ready.