Unified AI security platform for the enterprise. Includes DataShield DLP, Senseway and OCR. Cloud (Switzerland) or On-Prem (Podman/Docker/K8s). Prompt Guard as optional addon (+25%).
Adlibo Guard Cloud is a sovereign SaaS hosted in Switzerland (Geneva). No servers to configure, no maintenance.
63+ formats, 16 extraction engines
Detection of 150+ unauthorized AI services
Block/Allow by policy — redirect to Senseway
Intercepts 100% of outbound LLM traffic (APIs, CI/CD, backends). Automatic tokenization, zero code change. All major AI providers supported.
Route 100% of LLM traffic through Senseway. No bypass possible — master switch.
Prompt Guard available as optional addon (+25% of price).
One container, all engines
... patterns, 24 categories
Contextual tokenization / rehydration
63+ formats, 16 engines
100+ PII detection patterns
From raw prompt to rehydrated response — in 4 steps, 100% local
Adlibo Guard intercepts the prompt before it reaches the LLM. Real-time content analysis to detect sensitive data.
Detected PII are replaced with random tokens. The local vault encrypts the token-to-value mapping in AES-256-GCM.
The tokenized prompt is sent to the LLM. No sensitive data transits — the LLM only sees valueless tokens.
The LLM response is intercepted. Tokens are replaced with original values from the vault. 99%+ fidelity.
See the difference between an unprotected prompt and one protected by Adlibo Guard
~5ms
Local latency
63+
OCR formats
99.9%
Availability
Podman / K8s
Deployment
Add Prompt Guard to your Adlibo Guard license to detect injection attempts, jailbreaking, and malicious prompts — all locally, with zero data sent externally.
Score: ≥85 BLOCK | ≥50 WARN | <50 ALLOW
Degressive pricing — from 1 to 200+ users
600’000 tokenizations / month
1’700’000 tokenizations / month
3’500’000 tokenizations / month
5’000’000 tokenizations / month
10’000’000 tokenizations / month
20’000’000 tokenizations / month
Contact us
Built for large-scale deployments
Deploy multiple instances with load balancing. Vault replicated across nodes for high availability.
Native AD/LDAP sync. RBAC per user, group and department.
Native /metrics endpoint. Pre-configured Grafana dashboards. Alerts on latency, errors, tokens.
Native SIEM integration. Every event logged with timestamp, user, action, result.
Vault replication across instances. Automatic failover. RPO < 1 second.
Signed pattern bundles. Manual USB/isolated network transfer. SHA-256 integrity verification.
/analyze, /tokenize, /rehydrate, /health, /metrics endpoints. TypeScript and Python SDKs.
Complete audit trail. Automated compliance reports. CSV/JSON/PDF export.
Compare the two deployment modes
Adlibo Guard automatically detects and replaces PII with random tokens before any LLM call. Rehydration restores original values in the response. All local, ~5ms latency.
John Smith, IBAN CH93 0076 2011 6238 5295 7Email: john.smith@bank-ch.comAmount: CHF 847,350.00Card: 4532 XXXX XXXX 1234[TOKEN:042], IBAN [TOKEN:017]Email: [TOKEN:089]Amount: [TOKEN:023]Card: [TOKEN:056]Industry-specialized DLP patterns with contextual access rules
Tokenization of patient identifiers (NIR, AVS), ICD-10 codes, lab results with statistical preservation.
Protection of case numbers, court references and confidential amounts. Document integrity via SHA-256 hash.
Protection of banking data, trading accounts and compliance indicators. Native FINMA and AMLA compliance.
Intellectual property protection: patents, trade secrets, source code and R&D projects.
The Token Vault runs entirely on your infrastructure. Each session generates a unique key encrypted by a master key derived via scrypt. No data leaves your perimeter.
AES-256-GCM on your infrastructure. Master key under your exclusive control.
The vault runs air-gapped. No external network calls for encryption.
Token retention duration configurable: 1h to 90 days per your policies.
Complete vault access log: user, role, action, timestamp.
Master Key
(env var)
Session Key
(scrypt)
AES-256-GCM
(token values)
Tokenization vs Masking vs Encryption — why contextual tokenization is superior
Random token stored in a vault
John Smith → [TOKEN:042]Replacement with characters (***)
John Smith → J*** S****Cryptographic transformation
John Smith → aGVsbG8gd29ybGQ=Adlibo Guard uses contextual tokenization: the LLM understands the text structure without ever seeing the real data. Maximum security and preserved utility.
Over 100 PII patterns covering 14 domains. Contextual multi-language detection with built-in OCR for 63+ file formats.
Algorithms trained on millions of patterns to detect sensitive data with precision.
Images, PDF, Office, source code — text extraction and PII detection across all formats.
Detection in French, English, German, Italian, Spanish, Portuguese.
Every DLP pattern automatically validated against conflicts and false positives.
Define your own patterns for data specific to your business.
Granular access control by role, department, and group. AD/LDAP integration.
Integrate Adlibo Guard into your applications in a few lines
Prompt analysis — PII detection + risk scoring
Contextual tokenization — replaces PII with tokens
Rehydration — restores original values from vault
Health check — service status, version, uptime
Prometheus metrics — latency, tokens, errors
import { AdliboGuard } from '@adlibo/sdk';
const guard = new AdliboGuard({
baseUrl: 'http://localhost:6013',
apiKey: process.env.ADLIBO_KEY,
});
// Tokenize sensitive data
const tokenized = await guard.tokenize({
text: 'Jean Dupont, IBAN CH93 0076...',
});
// => { text: '[TOKEN:042], IBAN [TOKEN:017]' }
// Send to LLM (zero PII)
const llmResponse = await llm.chat(tokenized.text);
// Rehydrate the response
const final = await guard.rehydrate({
text: llmResponse,
sessionId: tokenized.sessionId,
});
// => Original values restoredAvailable SDKs: TypeScript (@adlibo/sdk), Python (adlibo), PHP (adlibo/sdk)
Benchmarks measured on standard hardware (4 vCPU, 8 GB RAM)
Tokenization (P50)
2.3ms
Tokenization (P99)
8.7ms
Rehydration (P50)
1.1ms
Rehydration (P99)
4.2ms
Max throughput
850 req/s
Memory (idle)
~180 MB
Benchmarks with wrk2 (100 connections, 10 threads). Hardware: Intel Xeon E-2388G, 32 GB ECC RAM, NVMe.
Adlibo Guard reduces your compliance costs and risks
Audit time
-50%
Reduction in audit preparation time
Cost per incident
CHF 4.35M
Average cost of avoided breach (IBM 2024)
Avoided fines
4% Revenue
Maximum GDPR fine avoided
Productivity
+30%
Security team productivity gain
Organizations hesitate to adopt AI due to data leakage fears. Adlibo Guard removes each of these barriers.
Local tokenization before any LLM call. Your data never leaves your infrastructure.
LLMs block responses containing PII. With Adlibo Guard, the LLM sees zero PII and responds normally.
nFADP, GDPR, FINMA, EU AI Act: compliance is built-in. Air-gapped, beyond CLOUD Act.
Contextual tokenization preserves text meaning. Rehydrated responses are 99%+ faithful.
Every component audited, every flow verified
AES-256-GCM for vault, TLS 1.3 for communications, scrypt for key derivation.
No data leaves your infrastructure. No phoning home, no cloud metrics, no tracking.
Source available for audit by your security teams. Enterprise license includes source code access.
Each container image is cryptographically signed. Integrity verification before deployment.
No open ports except the API. No external DNS resolution. Works 100% air-gapped.
Images hosted on git.adlibo.com (Switzerland). No US registry (Docker Hub, GHCR).
Protect your LLMs in 3 steps
1. Create an account
# https://www.adlibo.com/register2. Get your API key
# Dashboard → API Keys → Create
export ADLIBO_API_KEY="al_live_your_key_here"3. Integrate in your app
curl -X POST https://api.adlibo.com/api/v1/analyze \
-H "Authorization: Bearer $ADLIBO_API_KEY" \
-H "Content-Type: application/json" \
-d '{"prompt": "Your text here"}'Swiss and European organizations trust Adlibo Guard
“Adlibo Guard enabled us to adopt generative AI in full FINMA compliance. Contextual tokenization is transparent to our analysts.”
CISO, Swiss cantonal bank
“Deployed in 3 hours on our air-gapped Kubernetes cluster. DLP patterns already cover all our medical use cases.”
CTO, University hospital
“The 5ms latency is impressive. Our lawyers use LLMs without even knowing their data is protected.”
IT Manager, Law firm
Protect your LLMs in the most demanding environments
FINMA compliance, nLPD, banking secrecy. No data leaves your network perimeter.
View industryPatient data protected on-site. Compatible with air-gapped hospital environments.
View industryProfessional secrecy guaranteed. Contextual tokenization of sensitive data before any LLM.
View industryClassified infrastructure. Sovereign deployment with zero foreign cloud dependency.
View industryAir-gapped = beyond CLOUD Act
Adlibo Guard on-premise eliminates all dependency on third-party cloud. Your data stays 100% on your infrastructure — no subprocessors, no international transfers.
Native compliance with the new Federal Act on Data Protection.
Financial market supervisory authority requirements satisfied.
GDPR-compliant by design — tokenization = pseudonymization per Art. 4(5).
Digital operational resilience and critical infrastructure cybersecurity.
Transparency and governance for high-risk AI systems.
No internet connection required. Fully isolated network deployment supported.
100% local data. No cloud subprocessor, no cross-border transfer.
CLOUD Act
On-Premise
100% Sovereign
Switch from cloud DataShield to Adlibo Guard on-premise seamlessly
Export your cloud configuration (patterns, RBAC, exclusions)
Deploy Adlibo Guard on your infrastructure (Podman / Docker / K8s)
Import the configuration — same JSON format, 100% compatibility
Switch your API endpoints — same interface, same SDK
Migration is assisted by our engineering team. Typical duration: 2-4 hours for a standard deployment.
Expert guidance at every step
Email + documentation. Weekly updates.
Email + priority chat. Daily updates. Dedicated engineer.
24/7 hotline. Dedicated engineer. Real-time updates. Personalized onboarding.
Everything you need to know about Adlibo Guard in production.
Contact our team for an evaluation license or launch the Quick Start immediately.
For large organisations that already have their own AI interface and want only transparent DLP protection for their LLM traffic.
Transparent DNS/API Proxy
DNS redirect or API gateway — zero code change required.
DataShield Tokenization
PII, financial, health data — tokenized before reaching the LLM.
50+ AI providers
OpenAI, Anthropic, Google, Mistral, Cohere and all major providers.
Full audit trail
Every exchange traced, timestamped and auditable — FINMA/GDPR compliant.
No Senseway / no agents
Pure DLP proxy — no Senseway workspace or AI agents included.
Starting at
100+ users · 20 000 000 tokenizations/month shared
Volume-degressive pricing — contact us for 200+ users.
Built on industry standards to ensure interoperability, auditability and regulatory compliance.
Adhering to standards ensures interoperability with your existing tools and simplifies compliance audits.