Skip to content
GHOST·BRIDGE

AI SECURITY PROXY

Let your team use public AI without leaking the company.

Ghost Bridge sits between your engineers and any public model. It detects secrets, source, and identifiers in a prompt, swaps them for synthetic tokens, and only rehydrates the real values once the answer is safely back inside your perimeter.

How it works
0
raw secrets sent outbound
10
detector classes
100%
reversible on the safe side
perimeter tls · in-memory

Your prompt

  • sk_live_4eC3…
  • Proje Helix
  • 10.4.21.7

real values

Public model

  • [GB_API_KEY_01]
  • [GB_PROJECT_01]
  • [GB_IP_01]

synthetic tokens

answer rehydrated with real values, in-perimeter only

LIVE SANDBOX

Send a request across the bridge

Paste anything you'd never want a public model to see. Nothing leaves this page - the masking and rehydration both run locally, exactly as the proxy runs inside your network.

  1. Compose

    real values

  2. Mask

    tokenize

  3. Public model

    tokens only

  4. Rehydrate

    safe answer

01Compose

Your side of the bridge

02Masked request

What the public model receives

Run a request to see the redacted prompt that crosses the bridge.

03Public model response

Tokens still in place

The model answers using only the synthetic tokens it was given.

04Rehydrated answer

Safe on your dashboard

Tokens are swapped back to your real values - this is the only place they reappear.

HOW IT WORKS

A one-way mirror for your prompts

The model gets enough structure to be useful and nothing it could leak. Real values exist on only one side of the bridge - yours.

  1. 01

    Intercept

    Every outbound prompt is routed through the bridge instead of straight to the model provider. Your apps and IDE plugins point at one endpoint.

  2. 02

    Detect

    Pattern and entropy detectors flag secrets, keys, connection strings, patents, source identifiers, and internal codenames - the things that should never leave your network.

  3. 03

    Tokenize

    Each finding is replaced with a stable synthetic token. Identical values share a token, so the model keeps its reasoning intact without ever seeing the real thing.

  4. 04

    Forward

    The de-identified prompt goes to the public model. The provider only ever receives tokens like [GB_API_KEY_01] - useless if logged, breached, or trained on.

  5. 05

    Rehydrate

    When the answer returns, the bridge swaps tokens back to their real values from an in-memory vault. The mapping never crosses the perimeter.

  6. 06

    Audit

    Every masking decision is logged with a class and timestamp, giving security teams a complete, reviewable trail of what was protected and when.

GUARANTEES

Built for security teams, not just demos

Nothing raw leaves the perimeter

Detection and tokenization happen before the request is forwarded. Providers never receive a real secret, name, or identifier.

Mapping stays in memory

The token-to-value vault lives inside your network and is discarded after the response is rehydrated. It is never transmitted or persisted by default.

Model-agnostic

Point the bridge at any provider. Because it operates on the prompt, switching or load-balancing public models needs no change to your protections.

Reversible by design

Stable tokens mean answers come back fully usable. Engineers get the model's full help with the company's secrets still inside the walls.