RESEARCH PREVIEW · MDG

Meridian Gateway

A self-hosted proxy that masks client PII and proprietary code out of every prompt before it reaches an external LLM — and rehydrates the response afterward — so "Shadow AI" stops being an all-or-nothing bet.

HEADLINE RESULT
Zero raw PII or proprietary code reached the external model across all 5 synthetic test prompts — 18 sensitive entities were masked into opaque tokens before the call, and every one was correctly rehydrated afterward.
18
sensitive entities masked across 5 synthetic prompts
0
raw PII/IP bytes ever sent to the external model
9
distinct entity types detected (SSN, email, account #, code, IPs...)
100%
round-trip rehydration accuracy in smoke tests
METHOD

Mask first, ask questions never

The external model never gets a vote on whether something is sensitive — detection happens before it's ever in the request.

Detect
Regex/pattern NER scans the prompt for PII, financial identifiers, and code signatures — a stand-in for a fine-tuned spaCy/BERT model.
Mask
Every hit is replaced with an opaque token (<<SSN_1>>, <<EMAIL_1>>); the real value is written to a session-scoped token vault.
Queue
The masked payload moves through an async queue — a stand-in for the Kafka producer/consumer pipeline.
Call
Only the masked prompt reaches the external LLM (mock, or a real Claude call instructed to preserve tokens verbatim).
Unmask
Tokens in the response are resolved back to real values, but only for the authorized session that submitted them.
FINDINGS

What the synthetic test runs showed

A synthetic client-note prompt containing an SSN, DOB, account number, email, phone, and address was fully masked — 8 entities in one message — with zero leakage to the mock external call.
A fabricated proprietary trading algorithm was withheld from the external model entirely as a code block, not just partially redacted, since even a masked snippet can leak structural IP.
A clean control prompt (no sensitive content) passed through untouched, confirming the gateway doesn't over-mask benign requests.