CFOtech US - Technology news for CFOs & financial decision-makers
Polygraf debuts desktop AI tool to curb data leaks

Thu, 19th Mar 2026
Catherine Knowles, News Editor

Polygraf AI has launched a desktop-based compliance tool that spots sensitive information as employees type, as companies face new data leakage risks tied to AI assistants, chat tools and browser applications.

The product, called Desktop Overlay, runs on user machines and scans text entered into enterprise applications, email clients, browsers and AI tools. It flags information within 100 milliseconds and warns users before content is sent outside the organisation.

Many organisations already use data loss prevention software, but these systems often detect issues only after information has left the business or has been logged. The rise of generative AI in everyday work has widened exposure because staff can paste or type confidential content directly into prompts and messages.

Desktop warnings

Desktop Overlay sits at the user interface and highlights what it identifies as sensitive content using colour-coding. It marks confidential data such as employee identifiers and contact information in yellow, and regulatory data such as Social Security numbers, API keys and protected health information in red.

Polygraf describes the product as a real-time compliance assistant that intervenes at the point of creation rather than after transmission. The approach emphasises warning and guidance rather than blocking workflows, a common source of friction with traditional prevention tools.

The software requires no integration with individual applications, which could simplify deployment for security teams across mixed environments where staff use multiple browsers, messaging tools and AI services.

Local models

Desktop Overlay uses Polygraf's task-specific small language models, which run within customer infrastructure rather than in a public cloud environment. Polygraf says the models can operate with as little as a 1.3 GHz CPU and 8 GB of RAM and use between 40 MB and 120 MB of memory.

Running models locally reflects a broader push in regulated sectors to limit the movement of sensitive data. It also aligns with organisations that must meet data sovereignty requirements or keep protected information inside controlled environments.

Polygraf is positioning the tool for organisations working under frameworks such as SOC 2, HIPAA, GDPR and NIST RMF. It is also targeting government agencies and highly regulated industries where policy enforcement often needs to happen close to endpoints.

Behaviour change

Beyond detection, Desktop Overlay is designed to reinforce policy during daily work. It shows users in real time which data types the organisation treats as sensitive, reducing reliance on periodic training sessions.

In pilots, Polygraf says customers recorded up to a 72% decline in DLP triggers within four weeks of adopting the overlay. It did not name the customers or provide details on pilot size, baseline trigger volumes or the sectors involved.

Companies are still working out how to manage the risks introduced by more autonomous AI systems. Gartner has forecast that cost, unclear value and inadequate controls will lead to cancellations of some agentic AI initiatives over the next few years.

"Enterprises must transition from passive auditing to active runtime enforcement that spans the entire AI lifecycle," said Togrul Tahirov, Head of AI, Polygraf.

Polygraf says it has expanded over the past year in defence, financial services, insurance and healthcare. Those sectors often face stricter requirements around monitoring access to data and maintaining an audit trail for sensitive interactions.

Polygraf plans to demonstrate Desktop Overlay and its broader AI usage control platform at the RSAC Conference, including how the overlay works across common enterprise environments.