Setup for security engineers

Surface: SDK and Gateway (org-wide)
Modes supported: Hosted, Hybrid, Local
Tiers: Free, Solo, Teams

Who this is for

You are accountable for what leaves the building. AI tools are a new egress path, and you need detection, prevention, and an audit trail across every place AI is used -- not just one app.

What you typically want governed

  • Secret and PII egress. API keys, tokens, SSNs, and card numbers must never leave in a tool call or prompt.
  • A consistent posture enforced the same way across SDKs, the gateway, and coding assistants.
  • Evidence. A durable, queryable audit trail of every decision for reviews and incidents.

Which surface to install

A policy you author once is evaluated the same way on every surface, so you do not maintain separate rule sets. Use the SDK in apps you control and the Gateway in front of apps you do not. On both surfaces, tool arguments are scanned automatically against the built-in DLP patterns (AWS keys, GitHub tokens, SSNs, cards, and more).

pip install controlzero

Starter policy

Allow normal LLM and tool use, but block secret/PII egress via a DLP rule. DLP block overrides a would-be allow, so this stops a leak even on an otherwise permissive policy:

version: '1'
settings:
  default_action: allow
  default_on_missing: deny
  default_on_tamper: quarantine
rules:
  - id: allow-llm
    allow: 'llm:generate'
    reason: 'LLM use is permitted; DLP below stops leaks regardless.'
dlp_rules:
  - id: block-internal-codes
    pattern: 'PROJ-[A-Z]{3}-\d{6}'
    category: custom
    action: block
    reason: 'Internal project codes must not leave the agent.'

Built-in DLP patterns are always active; the rule above adds a custom one. To build a broader DLP rule set in the dashboard, see Set up DLP rules.
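To make the evaluation order concrete (DLP scan first, then rules, then the default action, with a missing policy falling to deny), here is an added, stand-alone Python model of the starter policy above; it is not the controlzero SDK's own code. The function names, the two sample built-in patterns, and every reason code other than DLP_BLOCKED are assumptions.

```python
import re

# Assumed approximations of two always-on built-in patterns; the real list is not on this page.
BUILTIN_DLP = {
    "aws-access-key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "us-ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# The starter policy from this page, written as a dict so no YAML loader is needed.
STARTER_POLICY = {
    "settings": {"default_action": "allow", "default_on_missing": "deny", "default_on_tamper": "quarantine"},
    "rules": [{"id": "allow-llm", "allow": "llm:generate",
               "reason": "LLM use is permitted; DLP below stops leaks regardless."}],
    "dlp_rules": [{"id": "block-internal-codes", "pattern": r"PROJ-[A-Z]{3}-\d{6}",
                   "category": "custom", "action": "block",
                   "reason": "Internal project codes must not leave the agent."}],
}


def _strings(value):
    """Flatten nested tool arguments into the string leaves a scanner would inspect."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _strings(v)


def evaluate(policy, action, args):
    """Return an audit-style record. A DLP hit wins even when a rule would allow the action."""
    if policy is None:  # default_on_missing: deny (reason code is an assumption)
        return {"decision": "deny", "reason_code": "POLICY_MISSING", "action": action}
    patterns = dict(BUILTIN_DLP)  # built-ins are always active; custom block rules are added
    patterns.update({r["id"]: re.compile(r["pattern"])
                     for r in policy.get("dlp_rules", []) if r.get("action") == "block"})
    for text in _strings(args):
        for pattern_id, rx in patterns.items():
            if rx.search(text):
                return {"decision": "deny", "reason_code": "DLP_BLOCKED",
                        "pattern": pattern_id, "action": action}
    for rule in policy.get("rules", []):  # explicit allow rules
        if rule.get("allow") == action:
            return {"decision": "allow", "reason_code": "RULE_MATCH", "rule": rule["id"], "action": action}
    return {"decision": policy["settings"]["default_action"], "reason_code": "DEFAULT", "action": action}
```

The constructed inputs in the test show the override: a permitted llm:generate call is still denied the moment its prompt carries a PROJ code.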

What you'll see

  • A DLP block lands in the Audit Log with decision: deny and a DLP_BLOCKED reason code, telling you exactly which pattern fired and on which call.
  • Audit logs are retained by tier -- 7 days on Free, 90 days on Solo, and 365 days on Teams. Query, filter, and export them for reviews.
  • Roll out org-wide with observation-only first so you measure real egress attempts before you start blocking.

Next steps