Core concepts
Everything ThreatLens does follows one loop:
Classify → apply policy → take action → record.
Understanding five ideas is enough to understand the whole product:
| Concept | In one line |
|---|---|
| Data classes | The kind of sensitive data in a request (PII, payment data, secrets, financial, public…). |
| Trust tiers | How trusted an AI destination is — from a public API to your own enterprise model. |
| Policy matrix | Your rules: for each data class, where it may go and what happens if it can't. |
| Data-leak protection | How sensitive content is detected and handled — redacted, routed, or blocked. |
| Grounding | Answering from your own documents, access-trimmed and governed. |
The loop in detail
- Classify. ThreatLens inspects the content of each request — and each attached document — and assigns a data class based on what's actually there, not the filename.
- Apply policy. It looks up that data class in your policy matrix: the minimum-trust destination it may reach, and the fallback action if the chosen destination isn't trusted enough.
- Take action. It does one of: allow, redact sensitive values and send, route to an approved destination, or block. Some hazards — raw secrets and prompt injection — are always blocked.
- Record. The classification and decision are written to an immutable governance log — the system of record for audit and reporting.
Content and context, not keywords
Decisions are based on what the data is and where it's going — so a pasted figure and an attached document get the same, consistent outcome. ThreatLens does not govern by filename or simple keyword matching.
Read the five concept pages in order, or jump straight to the one you need.