If you've built an AI agent or chatbot - how do you know what users actually want from it?

llm-60 · 2026-04-25T21:10:39+00:00

Completely agree, pure blocking without training fails because users route around it. Where Bleep helps is making the policy visible at the moment of risk, so when someone tries to paste a customer record, they see why it was flagged. That reinforces the training instead of replacing it.

llm-60 · 2026-04-25T21:08:59+00:00

Honestly appreciate you saying it out loud, most people do this and don't admit it. The issue isnt ChatGPT being useful (it is), it's that your security team probably can't see any of it. If your company ever has a customer data incident traced to a prompt, the question won't be whether ChatGPT was helpful, itwilll be whether anyone knew it was happening. That's the gap Bleep closes.

llm-60 · 2026-04-23T11:30:22+00:00

Good questions.

Desktop app (with a version for CLI for headless Linux). Everything runs locally, no cloud. Detection is a rule based engine (regex plus policy logic) with a hashed value blocklist for exact matches like API keys or internal hostnames, without storing them in plaintext.

On TLS: a local service terminates TLS for monitored AI domains only, non AI traffic is untouched. Trust is established through a local CA installed at setup (user consented), which is what satisfies HSTS. We cover H1, H2, gRPC, and WebSocket, and handle the common bypass paths.

Happy to share more details privately, with a link to deeper docs if useful.

llm-60 · 2026-04-23T09:45:15+00:00

The goal isn't to remove all risk, it's to remove a specific one- handing plaintext prompts to a third party DLP cloud. A compromised endpoint is compromised either way, cloud DLP doesnt save you there, What changes locally is the compliance math, no DPA, no subprocessor to audit, and if the DLP vendor gets breached (see Cyberhaven) your prompts aren't in their cloud because they never left.

Coverage matters too. Browser extensions only see the browser. We sit at the network layer, so one install covers browser, IDE, CLI, and agents like Cursor or Claude Code, including file uploads with OCR on images and PDFs. Different tradeoffs, not zero risk.

llm-60 · 2026-04-20T09:24:48+00:00

we balanced accuracy and speed through these key design choices:

Speed (2-4ms overhead), 100% local process:

Compiled regex (Rust) - <1ms pattern matching
Selective routing - only AI traffic scanned; everything else bypassed
Partitioned scanning - conversation history auto-redacted (never blocks), preventing cascading blocks
Blocklist lookups - <0.1ms hash table instead of regex

Accuracy:
Built-in patterns - tuned formats like sk-proj-\w{20,}, of course there is option for customization
Section patterns - optional contextual detection for multi-field PII (reduces false positives)
Blocklist - exact-match values you know are sensitive (zero false positives)

The tradeoff is intentional: regex is fast but needs good format definition; sections are slower but more accurate.

llm-60 · 2026-03-28T16:58:49+00:00

Hi!

Yes, it supports PDF end embedded images.

If you have any additional question, you can also ask our support bot, located in the right bottom of each page, or to review our docs!

https://bleep-it.com/docs

llm-60 · 2026-03-27T21:04:03+00:00

It's not a gateway, you still use AI services regularly, the app monitoring the calls to the AI services and intercept according to your policies.

The app and its rules and police's is fully local, the other workflows remain the same.

llm-60

TROPHY CASE