Data Loss Prevention (DLP)
Real-time scanning of MCP tool-call payloads for PII, credentials, and financial data — with automatic redaction before content reaches upstream servers.
How It Works
The DLP scanner runs inline within the ShieldAgent security pipeline on every tools/call request. Every string value — including nested JSON — is scanned for sensitive data. Findings are classified by severity and GDPR category.
When a finding is detected, the proxy can redact the sensitive value in place and forward the sanitised request, block the call entirely, or log only in shadow mode. The audit trail always records what was found, even when redacted — but never the raw secret.
Encoding Bypass Detection
Attackers sometimes encode PII in base64 or URL-encoding to bypass pattern scanners. ShieldAgent DLP includes encoding-aware scanning that automatically handles obfuscated payloads before applying detection rules.
Detection Coverage
ShieldAgent DLP provides comprehensive sensitive data detection across 20+ categories with encoding-aware scanning. Detected data is classified by severity and GDPR category.
Categories
- Personal Data (PII) — Email addresses, phone numbers (US/EU), national identity numbers (SSN, DNI/NIE, BSN, NIR, NINO, German ID), EU passports, EU VAT numbers
- Financial Data — Credit card numbers, IBAN, routing numbers
- Credentials — Cloud provider keys, platform tokens, generic API keys, passwords, private keys
All pattern matchers include checksum validation where applicable to minimise false positives. Findings are classified as critical, high, or medium severity depending on the data type.
GDPR Classifications
Every finding carries a GDPR data classification so downstream systems (audit trail, compliance reports) can make informed decisions without re-parsing the raw type.
| Class | GDPR article | Meaning |
|---|---|---|
| personal_data | Art. 4(1) | Any information relating to an identified or identifiable natural person |
| special_category | Art. 9 | Health, biometric, genetic, racial/ethnic origin, political opinions, religious beliefs |
| financial_data | Various | Payment card data, bank account numbers, routing numbers |
| credential | — | Authentication secrets — API keys, tokens, private keys, passwords |
Redaction Strategies
When a finding is detected, the proxy applies the configured redaction strategy. Redaction replaces the matched value in-place so the sanitised request can still be forwarded to the upstream server.
| Strategy | Behavior |
|---|---|
| redact | Replace matched value with a redaction token. Request is forwarded with sanitised content. |
| block | Reject the entire tool call and return an error to the agent. Nothing forwarded upstream. |
| log_only | Record the finding in the audit trail but do not modify or block. Use in shadow mode rollout. |
Redacted values in audit events are stored as partial matches only — never the full sensitive value.
API Reference
DLP findings are surfaced through the audit events API and the agents risk endpoint. All endpoints require a bearer token. See Authentication for details.
Example — fetch DLP events for an agent
curl -s 'https://api.shieldagent.io/tenants/:tenantId/audit-events?agentId=:agentId&threatType=data_loss&limit=50' \
-H 'Authorization: Bearer <token>'Audit event shape (DLP finding)
{
"id": "ae_...",
"agentId": "...",
"toolName": "write_file",
"outcome": "blocked",
"threatType": "data_loss",
"dlpFindings": [
{
"type": "email_address",
"severity": "medium",
"redactedMatch": "j***@example.com",
"gdprClassification": "personal_data"
}
],
"timestamp": "2026-04-24T10:32:00.000Z"
}Risk Score Impact
DLP findings feed directly into the agent's Risk Scoring model. Blocked calls and auto-redacted requests both raise the agent's risk score and appear as signals in the risk dashboard and anomaly detection.