Ben @ Grepture

Introducing Grepture — Content-Aware API Security Proxy

Meet Grepture — a content-aware proxy that detects and controls sensitive data in your AI traffic before it ever reaches an LLM.

Why we built Grepture

Every day, millions of API calls flow between applications and large language models. Hidden inside those requests are names, emails, API keys, proprietary source code, and other data that should never leave your network.

Most teams discover this the hard way — after a credential has leaked into a model's training data, or after a compliance audit flags unprotected PII flowing to a third-party API. The usual response is bolting on manual checks or training developers to scrub prompts by hand. Neither scales, and nobody enjoys doing it.

We built Grepture to fix this at the infrastructure level. It sits between your application and any AI provider as a programmable proxy. Every request and response gets scanned for PII, secrets, and sensitive patterns — then redacted, masked, or blocked based on your policies. No code changes, no manual review bottlenecks. Just set your rules and let traffic flow.

The problem with "just be careful"

Engineering teams shipping AI features move fast. Prompts get assembled from user inputs, database records, support tickets, and internal docs. Any of these can contain:

  • Customer PII — names, emails, phone numbers, addresses that fall under GDPR and CCPA requirements
  • Secrets — API keys, database connection strings, OAuth tokens accidentally included in context windows
  • Proprietary data — source code, internal documentation, trade secrets pasted into prompts

Asking every developer to manually audit every prompt just isn't realistic. You need automated detection at the network layer — before data leaves your infrastructure.

How it works

  1. Detect — Configurable rules identify personal data, credentials, and intellectual property in real time. Grepture ships with 50+ built-in regex patterns on the free tier (80+ on Pro), covering common PII formats, secret patterns, and code fingerprints. On top of that, AI-powered detectors handle the things regex can't — like names in freeform text, prompt injection attempts, and toxic content. You can also add custom rules for your specific data landscape.
  2. Act — Redact, mask, tokenize, block, or log sensitive data based on policies you define per model, endpoint, or data type. Policies are composable — stack multiple rules, set sensitivity thresholds, and match your compliance requirements exactly.
  3. Restore — On the response path, Grepture rehydrates redacted tokens so your application receives complete, usable data. The LLM never sees the real values, but your application works as if nothing happened.

What's under the hood

Rules + AI, working together. The core detection engine is deterministic and rule-based — transparent, auditable, and fast (sub-millisecond per rule). But some things are hard to catch with regex alone. That's where our AI-powered detectors come in: local AI models for names and locations, prompt injection scoring, toxicity detection, DLP for source code and credentials, and compliance domain flagging. All AI models run locally on our infrastructure — your data never gets forwarded to yet another third party. For the full story on how we think about detection, check out our PII detection best practices post.

Mask and restore. This is one of our favorite features. Instead of permanently stripping data, Grepture can replace sensitive values with tokens, store the originals in a secure vault with a TTL, and then swap them back into the response. The LLM processes a clean prompt, and your app gets the real data back. No information lost, no PII exposed. For a deep dive into how this works and when to use it, check out our mask and restore guide.

Zero-data mode. Enable this and Grepture processes every request in memory only. No request bodies, no response bodies, no headers touch our storage. Only operational metadata — method, status code, latency, which rules fired — gets logged. Your prompts and completions stay yours.

Streaming support. Grepture handles Server-Sent Events natively, detokenizing streamed chunks in real time. No buffering the entire response, no latency hit.
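A minimal sketch of the mask-and-restore and streaming paragraphs above, added here as an illustration and not taken from Grepture's code. The token format, the two regex rules, the Vault class and the function names are all assumptions; the point it shows is that a token split across two streamed chunks must be held back until it is complete, and that an expired vault entry leaves the token unrestored.

```javascript
// Added illustration, not Grepture code; every name here is hypothetical.
const { randomBytes } = require("node:crypto");

// Constructed detection rules: an email pattern and an "sk-" style key pattern.
const RULES = [
  { type: "EMAIL", re: /[\w.+-]+@[\w-]+\.[\w.-]+/g },
  { type: "SECRET", re: /\bsk-[A-Za-z0-9]{16,}\b/g },
];
const TOKEN_RE = /\[\[[A-Z]+_[0-9a-f]{8}\]\]/g;
// Matches a token prefix cut off by the end of a chunk, e.g. "[", "[[EMA", "[[EMAIL_ab12cd34]".
const PARTIAL_RE = /\[(\[[A-Z]*(_[0-9a-f]{0,8}\]?)?)?$/;

// Token -> original value, with a TTL. The clock is injectable for testing.
class Vault {
  constructor(ttlMs, now = Date.now) {
    Object.assign(this, { ttlMs, now, entries: new Map() });
  }
  put(type, value) {
    const token = `[[${type}_${randomBytes(4).toString("hex")}]]`;
    this.entries.set(token, { value, expires: this.now() + this.ttlMs });
    return token;
  }
  get(token) {
    const e = this.entries.get(token);
    if (e && e.expires > this.now()) return e.value;
    this.entries.delete(token); // expired or unknown: nothing to restore
    return undefined;
  }
}

// Request path: replace each match with a vault token before forwarding.
function mask(text, vault) {
  return RULES.reduce((t, { type, re }) => t.replace(re, (m) => vault.put(type, m)), text);
}

// Response path: restore tokens chunk by chunk, holding back only a trailing partial token.
function createRestorer(vault) {
  let pending = "";
  const swap = (s) => s.replace(TOKEN_RE, (tok) => vault.get(tok) ?? tok);
  return {
    push(chunk) {
      pending += chunk;
      const m = PARTIAL_RE.exec(pending);
      const cut = m ? m.index : pending.length;
      const out = swap(pending.slice(0, cut));
      pending = pending.slice(cut);
      return out;
    },
    flush() { const out = swap(pending); pending = ""; return out; },
  };
}
```

Call push() for each streamed chunk and flush() once the stream ends, so a held-back fragment that never completes into a token is still delivered.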

Drop-in integration. Install the SDK, wrap your existing OpenAI client, and you're done. Every request flows through the proxy — scanned, logged, and protected — with zero changes to your application logic.

npm install @grepture/sdk

Works with OpenAI, Anthropic, Google AI, Azure OpenAI, Mistral, Groq, Cohere, AWS Bedrock, and any OpenAI-compatible provider. Or use grepture.fetch() as a drop-in replacement for fetch to protect any HTTP call.

The dashboard

You get full visibility into what's happening with your traffic:

  • Traffic log — See every request, which rules matched, what actions were taken, and how long it all took
  • Rule builder — Create and manage detection rules visually with conditions, actions, and priority ordering
  • Playground — Test requests against your rules before going live
  • Team management — Invite your team, assign roles, and manage access
  • Compliance reports — Generate PDF reports for audits (Business plans)
  • Activity log — Full audit trail of every config change (Business plans)

Who it's for

  • Engineering teams shipping AI features who need to prevent data leaks without slowing down development
  • Compliance teams who need audit logs and automated PII controls to satisfy GDPR, CCPA, and EU AI Act requirements
  • Security teams looking for visibility into what data is flowing to third-party AI providers — see our guide on preventing data leaks in LLM API calls

Get started

Grepture is free for up to 1,000 requests per month — no credit card required. You also get 25 AI-powered detection requests to try out the advanced features. Setup takes under five minutes: configure your detection policies in the dashboard, install the SDK, and every AI request is protected from that point forward.

The proxy core and SDK are open source, so you can self-host if you need full infrastructure control. We're hosted in the EU with 99.98% uptime.

We're excited to share Grepture with the developer community — give it a spin and let us know what you think.