Enterprise Security

AI Coding Tools Are Your Largest Uncontrolled Data Egress Channel

Enterprise security programs have perimeter controls, DLP, and endpoint protection. None of them intercept what developers send to GitHub Copilot, Cursor, or Claude Code. Pretense closes that gap.

$99: Per seat per month (Enterprise)
On-prem: Docker + Kubernetes deployment
SIEM: Splunk, Sentinel, Elastic
SSO: SAML, SCIM via BoxyHQ

The Problem

Why existing controls do not address AI coding tool risk for enterprise security teams.

No visibility into AI tool traffic

Your SIEM, DLP, and endpoint tools do not log what developers send to LLM APIs. The traffic is HTTPS, it terminates at Microsoft, Anthropic, or OpenAI, and it is invisible to your security controls. You have no idea how much proprietary code has already left your environment.

AI adoption is outpacing governance

Security teams are writing policies. Developers are already using AI tools. The gap between policy and practice widens every quarter. By the time policies are enforced, months of unprotected AI requests have already occurred.

Compliance frameworks have not caught up

SOC2 auditors are beginning to ask about AI tool usage. HIPAA requires protection of PHI in all systems, including developer tooling. GDPR applies to any personal data that touches AI training pipelines. Your compliance posture has a gap you cannot document your way out of.

How Pretense Solves It

Single pane of glass for AI API traffic

The Pretense dashboard provides real-time visibility into every AI API request across your organization. See which providers are being used, what mutation rates look like, and which teams generate the most AI tool traffic. All without deploying network sensors or modifying endpoints.

Policy enforcement at the request layer

Define mutation rules per repository, team, or provider. Block requests containing specific patterns. Require minimum mutation coverage before requests are forwarded. Policies are enforced in the proxy, before the LLM receives anything.

Compliance reporting that satisfies auditors

Export SOC2 and HIPAA compliance reports as PDF or JSON. Each report includes request volume, mutation statistics, blocked secrets count, and audit timestamps. Pretense audit logs can be forwarded to Splunk, Sentinel, or Elastic via the SIEM integration.

Enterprise deployment options

Pretense ships with Docker Compose and Kubernetes Helm charts for on-premises deployment. SSO via BoxyHQ (SAML, SCIM). SIEM integration for CEF, LEEF, and JSON formats. Dedicated enterprise support with SLA.

Compliance Coverage

Pretense generates audit evidence and compliance documentation for the frameworks that matter to enterprise security teams.

SOC2 Type II

Audit log exports with mutation metadata

HIPAA

PHI detection and blocking before LLM transmission

GDPR

Data residency controls, local-first architecture

ISO 27001

Controls mapped to A.8 Asset Management

SIEM Integration

Splunk, Sentinel, Elastic connectors

SSO / SCIM

BoxyHQ SAML and directory sync

What the LLM Actually Sees

Pretense transforms proprietary identifiers into synthetic tokens before transmission. Structure and logic are preserved. Your IP is not.

Without Pretense: identifiers exposed

// Sent to LLM provider verbatim
async function fetchPatientMedicalHistory(
  patientId: string,
  includeSSN: boolean
) {
  return await ehrClient.getRecord(
    patientId, ENCRYPTION_KEY
  );
}

With Pretense: synthetic identifiers only

// Pretense-mutated before transmission
async function _fn4a2b(
  _v8c3d: string,
  _v2f1a: boolean
) {
  return await _v9e4b._fn7d2c(
    _v8c3d, _v6b1a
  );
}

After the LLM responds, Pretense reverses every mutation. You receive real, working code with your original identifiers restored byte-for-byte.
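
The reversible mapping described above can be implemented along the following lines; this is an added example, not Pretense's code or its mutation algorithm. The `_id` token format, the counter-based assignment, the keyword list and the handling of comments and quoted strings are assumptions made for illustration.

```typescript
// Added example: reversible identifier pseudonymization. Token format,
// keyword list and comment/string handling are assumptions, not Pretense's.
const KEEP = new Set<string>([
  "async", "function", "return", "await", "const", "let", "var", "if", "else",
  "for", "while", "new", "class", "import", "export", "from", "true", "false",
  "null", "undefined", "string", "boolean", "number", "void", "any", "this",
]);

// Comments and quoted strings are matched first so that words inside them
// are never treated as code identifiers; bare identifiers match last.
const TOKEN =
  /\/\/.*|\/\*[\s\S]*?\*\/|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[A-Za-z_$][\w$]*/g;

interface Mutation { text: string; reverse: Map<string, string>; }

function mutate(source: string): Mutation {
  const forward = new Map<string, string>();
  const reverse = new Map<string, string>();
  let counter = 0;
  const text = source.replace(TOKEN, (m: string) => {
    if (m.startsWith("//") || m.startsWith("/*")) return ""; // comments describe intent: drop
    if (m.startsWith('"') || m.startsWith("'")) return m;    // literals pass through unchanged
    if (KEEP.has(m)) return m;                               // language keywords and types
    let token = forward.get(m);
    if (token === undefined) {
      // Counter-based tokens carry no information about the original name.
      // Skip candidates already present in the source so the map stays invertible.
      do { token = "_id" + (counter++).toString(16); } while (source.includes(token));
      forward.set(m, token);
      reverse.set(token, m);
    }
    return token;
  });
  return { text, reverse };
}

// Applied to the LLM response: every known token is swapped back exactly once.
function restore(response: string, reverse: Map<string, string>): string {
  return response.replace(/[A-Za-z_$][\w$]*/g, (m: string) => reverse.get(m) ?? m);
}

// Constructed sample: the "before" snippet shown on this page.
const SAMPLE = [
  "// Sent to LLM provider verbatim",
  "async function fetchPatientMedicalHistory(",
  "  patientId: string,", "  includeSSN: boolean", ") {",
  "  return await ehrClient.getRecord(", "    patientId, ENCRYPTION_KEY", "  );", "}",
].join("\n");
```

Quoted string literals pass through unchanged in this example, so literal values still need the separate secret and PHI detection the page describes.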

Frequently Asked Questions

Can Pretense be deployed on-premises without cloud connectivity?

Yes. Pretense ships with Docker Compose and Kubernetes Helm charts. The proxy, dashboard, and audit store can all run in your data center or VPC with no outbound connectivity to Pretense infrastructure.

How does Pretense integrate with existing SIEM systems?

Pretense exports audit events in CEF, LEEF, and JSON formats. The SIEM integration supports Splunk HEC, Microsoft Sentinel via Log Analytics API, and Elastic via Logstash. Events include mutation metadata, blocked secrets, provider details, and request hashes.

What is the procurement and security review process?

Pretense provides a full security package including SOC2 report, penetration test results, architecture diagram, mutation algorithm documentation, and data flow documentation. Enterprise procurement typically completes in two to four weeks.

How does Pretense handle AI tools used on personal devices?

Device management policies can mandate proxy configuration for all development environments. Pretense also supports CI/CD enforcement: builds fail if unprotected AI API calls are detected in the pipeline.

Protect your enterprise security team in 30 seconds

One environment variable. No code changes. No workflow disruption. Pretense intercepts every AI API request from day one.

No credit card required. Free tier available. Local-first, nothing leaves your machine.
