
Set up DLP rules for my team

Surfaces used: dashboard DLP Rules Editor (source of truth) + any enforcement surface (gateway, hooks, browser extension, SDK)
Modes supported: Hosted, Hybrid
Tiers: Solo, Teams

What you'll do

Open the DLP Rules Editor, pick from 65 built-in patterns (SSN, AWS keys, credit cards, health identifiers, etc.) or write custom regex, test your rules against sample inputs, and publish. Every enforcement surface in your org picks up the change automatically.

Why this is the right path for you

  • If you want one canonical place where "what is sensitive" is defined, this is it. You do not maintain parallel lists in multiple tools.
  • The editor is the source. Deployment surfaces (gateway, hooks, browser extension, SDK) enforce it. You do not pick "DLP for gateway vs DLP for extension" -- it is one ruleset, enforced everywhere.

When NOT to use this approach

Caution: If you only need detection on one surface and do not care about consistency, the built-in default ruleset already covers most cases. The editor is for teams that want to add custom patterns or tune defaults.

5-minute setup

  1. Dashboard -> DLP -> Rules editor.
  2. Click Add rule. Pick a preset (e.g., US SSN) or Custom regex.
  3. Configure:
    • Pattern: the regex or preset id.
    • Action: redact, warn, or block.
    • Scope: prompt, response, tool_arguments, or any subset.
    • Applies to: all projects, or a specific project.
  4. Paste a test input in the Test panel. Confirm your rule matches (or not) before publishing.
  5. Click Publish. The policy bundle is re-signed and distributed; enforcement surfaces pick it up within ~60 seconds.

Example custom rule (internal project code):

Name:       Internal project codenames
Pattern:    \b(BLUEBIRD|NIGHTHAWK|REDFIN)-[A-Z0-9]{4,}\b
Action:     redact
Scope:      prompt, tool_arguments
Applies to: Project "engineering"
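
To pre-check the example rule before pasting it into the Test panel, the sketch below runs the same pattern over constructed should-match and should-not-match inputs and applies the redact action only to in-scope fields. It is an added example, not the product's code. It assumes the editor's regex engine treats this pattern as Python's `re` does, and the `[REDACTED]` marker, the event field layout and the function names are hypothetical.

```python
import re

# Rule fields copied from the example rule on this page.
RULE = {
    "name": "Internal project codenames",
    "pattern": r"\b(BLUEBIRD|NIGHTHAWK|REDFIN)-[A-Z0-9]{4,}\b",
    "action": "redact",
    "scope": {"prompt", "tool_arguments"},
}
PLACEHOLDER = "[REDACTED]"  # assumption: the product's redaction marker may differ


def matched_spans(rule, text):
    """Return (start, end, matched_text) for every hit, as a test pane would show."""
    return [(m.start(), m.end(), m.group(0))
            for m in re.finditer(rule["pattern"], text)]


def apply_rule(rule, event):
    """Redact in-scope fields of an event; leave out-of-scope fields untouched."""
    out = {}
    for field, text in event.items():
        if field in rule["scope"] and rule["action"] == "redact":
            out[field] = re.sub(rule["pattern"], PLACEHOLDER, text)
        else:
            out[field] = text
    return out


# Constructed sample inputs mapped to whether the rule is expected to match.
SAMPLES = {
    "BLUEBIRD-A1B2 ships Friday": True,    # plain hit
    "see (NIGHTHAWK-2024Q3).": True,       # punctuation around the token
    "bluebird-a1b2 ships Friday": False,   # pattern is case-sensitive
    "REDFIN-42 is delayed": False,         # suffix shorter than 4 characters
    "XBLUEBIRD-A1B2": False,               # \b: no match inside a longer word
    "REDFIN-ABCD_v2": False,               # '_' is a word char, trailing \b fails
}

if __name__ == "__main__":
    for text, expected in SAMPLES.items():
        spans = matched_spans(RULE, text)
        print("OK " if bool(spans) == expected else "BAD", repr(text), spans)
    event = {"prompt": "Status of BLUEBIRD-A1B2?",          # constructed event
             "response": "BLUEBIRD-A1B2 is on track",
             "tool_arguments": '{"q": "REDFIN-77XY"}'}
    print(apply_rule(RULE, event))
```

The non-matching samples are the ones to decide on before publishing: if lowercase or short-suffix codenames should also be caught, adjust the pattern and re-test.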

Verifying it's working

  1. Test pane: the editor shows matched spans on your sample text before you publish.
  2. Enforcement: send a prompt containing your test string through the gateway / SDK / extension. Confirm the action (block / redact / warn) fires.
  3. Audit: dashboard -> Audit shows the matched rule id on each event.
