AI safety & content filtering
The security gateway that screens every AI request — PII redaction, secret detection, and prompt-injection blocking.
Every AI request and response in Crux passes through a security gateway before it reaches a model or your canvas.
PII redaction
Personally identifiable information detected in AI inputs and outputs — email addresses, phone numbers, government ID numbers, financial account numbers — is automatically redacted before processing where possible. Research often contains participant details; this layer reduces the risk of them leaking into AI context.
Secret detection
API keys, access tokens, and private keys pasted into notes or documents are detected and redacted so credentials don't end up in prompts or generated output.
Abuse and injection blocking
Requests attempting prompt injection, jailbreaking, credential exfiltration, or harmful content generation are blocked automatically. This includes injection attempts hidden inside uploaded documents — important when you're processing material from outside your org.
Audit logging
Security-relevant decisions (blocks and redactions) are logged for operational review. The logs record the decision, not the redacted content itself.
What this means for you
You don't need to sanitise research before uploading — but good hygiene still helps: avoid uploading credentials, and use participant codes instead of full names where your research protocol requires it.
Related
Related articles
Documents: Security & privacy
