DLP & Content Intelligence
Detect, classify, and act on sensitive data before it leaves your organization. Multi-stage pipeline with pattern matching, ML models, and GenAI classification across six detection categories.
Detection Engine
Multi-stage pipeline combining pattern matching, machine learning, and generative AI for high-accuracy sensitive data detection.
This is not basic keyword matching. MnemoShare's DLP engine runs a three-stage pipeline: regex patterns flag candidates, ML models score confidence, and GenAI integration (Anthropic or OpenAI) provides semantic classification for edge cases. Each stage narrows false positives.
Detection Categories
- PHI: MRN, ICD-10, CPT, NPI, DEA
- PII: SSN, driver's license, passport
- PCI: credit cards with Luhn validation
- SECRETS: API keys, tokens, credentials
- INFRA: IPs, connection strings
- REGULATORY: international identifiers
Accuracy
- 40+ patterns across 6 categories
- Confidence scoring with configurable thresholds
- Post-match validation (Luhn, checksums)
- GenAI classification via Anthropic and OpenAI
Policy & Response
Configure detection policies with custom rules, violation thresholds, and response actions tailored to your compliance requirements.
Policies
- Per-policy rule selection from any detection category
- Violation threshold — minimum matches to trigger
- Filename scanning for embedded sensitive data
Actions
- Configurable responses: log, warn, or block
- Automatic masking of findings in logs and alerts
- Real-time scan results dashboard
| File | Status | Findings | Action | Scanned |
|---|---|---|---|---|
| patient_records_q1.csv | detected | 3 | block | 3/17 · 14:22 |
| EIN_letter_first_page.pdf | detected | 1 | log | 3/17 · 13:58 |
| quarterly_report.pdf | clean | 0 | log | 3/17 · 13:41 |
| audit_2026.xlsx.sha256 | clean | 0 | log | 3/17 · 12:15 |
| credentials_backup.env | detected | 4 | block | 3/17 · 11:03 |
ML Integration
Augment rule-based detection with ML-powered PII analysis for maximum coverage.
- ML-powered PII detection beyond regex matching
- AI-powered semantic content analysis beyond regex patterns
- Combines rule-based and ML-based detection for maximum coverage
Beyond traditional MFT
Most managed file transfer platforms were designed before modern threats existed. Here is how MnemoShare compares.
| Capability | Traditional MFT | MnemoShare |
|---|---|---|
| Detection method | Keyword matching or regex only | Multi-stage: regex, ML, and GenAI with confidence scoring |
| Coverage | Basic PII patterns | 40+ patterns across PHI, PII, PCI, secrets, infrastructure, regulatory |
| Accuracy | High false positive rates | Post-match validation (Luhn, checksums) + confidence thresholds |
| Response | Block or allow | Configurable: log, warn, or block with violation thresholds |
| Scanning scope | Uploaded files only | Files, filenames, email content, email attachments |
See how MnemoShare compares. Schedule a demo
Real-world use cases
PHI leak prevention
Healthcare org scans all outbound files for protected health information (MRN, ICD-10 codes, patient names). Policy blocks transfers containing PHI unless the recipient is on the approved partner list.
Financial data governance
Bank scans documents for credit card numbers, SSNs, and account numbers before external sharing. Luhn validation eliminates false positives on credit card patterns. Findings logged for compliance audit.
Credential exposure detection
DevOps team uses the SECRETS category to catch API keys, tokens, and connection strings accidentally included in file transfers. Automatic masking prevents credentials from appearing in logs.
Frequently asked questions
What types of sensitive data can MnemoShare detect?
MnemoShare detects data across six categories: PHI (medical record numbers, ICD-10 codes, NPI, DEA numbers), PII (SSN, driver's license, passport), PCI (credit cards with Luhn validation), SECRETS (API keys, tokens), INFRA (IP addresses, connection strings), and REGULATORY (international identifiers). Over 40 built-in patterns.
How does the multi-stage detection pipeline work?
Files pass through three stages: pattern matching flags potential sensitive data, ML models score confidence on each finding, and optional GenAI integration (Anthropic or OpenAI) provides high-accuracy semantic classification for edge cases. Each stage narrows false positives.
Can DLP policies be customized per organization?
Yes. Administrators create policies with custom rule selections from any detection category, set violation thresholds (minimum matches to trigger), choose actions (log, warn, or block), and enable/disable specific patterns.
Does DLP scanning work on email?
Yes. The email security gateway applies DLP scanning to email body content and attachments before forwarding, using the same detection engine and policies as file uploads.
Ready to see MnemoShare in action?
Start a free trial, schedule a walkthrough, or dive into the docs.