Demo capture
Briefcase AI Scan
A healthcare chatbot looks clean to the patient. The wire capture shows PHI and tracker calls before they ship.
Patient view
Clean healthcare chat UI
Visit summary
Patient
Hi — my recent CT noted a small nodule. I'm 52, on metformin, and want to know if I should see oncology.
Wire capture
Outbound requests from the same session
How it works
Three steps from chatbot to clean release.
01 Capture
Drive your AI surface — chatbots, copilots, EHR embeds, mobile apps — through a real session. We record every outbound request, header, and payload.
02 Detect
Adapters identify the SaaS and SDK behind each call. PHI detectors flag patient identifiers, conditions, and medications leaking into third-party traffic.
03 Block
Findings ship with reproducible rules. Wire them into your CSP, gateway, or in-app guardrails before the same payload reaches production.
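The three steps above, as an added example (not Briefcase's own code or rules): it walks a captured HAR, flags third-party requests whose URL or body matches a few PHI patterns, and builds a CSP `connect-src` list that leaves out the flagged hosts. The hosts, sample values, detector patterns and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Illustrative detectors (assumed patterns); real PHI detection needs far broader coverage.
DETECTORS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "dob": re.compile(r"(?i)\bdob\W{0,4}\d{4}-\d{2}-\d{2}\b"),
    "mrn": re.compile(r"(?i)\bmrn\W{0,4}\d{6,10}\b"),
    "medication": re.compile(r"(?i)\b(?:metformin|insulin|warfarin)\b"),
}

def scan_har(har, first_party):
    """Return {third_party_host: sorted detector names} for each third-party host in the HAR."""
    hits = {}
    for entry in har["log"]["entries"]:
        req = entry["request"]
        host = urlsplit(req["url"]).hostname
        if host in first_party:
            continue  # only traffic leaving the first-party boundary is in scope
        # Pixels carry data in the query string, SDKs in the body: search both.
        body = (req.get("postData") or {}).get("text") or ""
        text = unquote_plus(req["url"]) + "\n" + body
        found = {name for name, rx in DETECTORS.items() if rx.search(text)}
        hits.setdefault(host, set()).update(found)
    return {h: sorted(f) for h, f in hits.items()}

def csp_connect_src(findings, first_party):
    """Build a connect-src directive that omits hosts seen receiving PHI."""
    clean = sorted(h for h, f in findings.items() if not f)
    return "connect-src " + " ".join(f"https://{h}" for h in sorted(first_party) + clean)

# Constructed sample HAR; every host and value below is made up for this example.
FIRST_PARTY = {"chat.clinic.example"}
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "POST", "url": "https://chat.clinic.example/api/message",
                 "postData": {"text": '{"msg": "I am on metformin"}'}}},
    {"request": {"method": "POST", "url": "https://api.llm-vendor.example/v1/chat",
                 "postData": {"text": '{"dob": "1972-03-14", "note": "MRN: 00482913, on metformin"}'}}},
    {"request": {"method": "GET",
                 "url": "https://pixel.tracker.example/tr?ev=PageView&q=CT+nodule+metformin"}},
    {"request": {"method": "GET", "url": "https://cdn.fonts.example/inter.woff2"}},
]}}

if __name__ == "__main__":
    findings = scan_har(SAMPLE_HAR, FIRST_PARTY)
    print(findings)
    print(csp_connect_src(findings, FIRST_PARTY))
```

For a real capture, load the exported file with `json.load` and pass the resulting dict to `scan_har`.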
What we catch
Health-grade detectors, not generic linting.
Rules tuned for AI surfaces in healthcare: model APIs, vector stores, analytics SDKs, retargeting pixels, ad networks. Every finding is reproducible from a captured HAR.
PHI in payloads
- MRN / DOB / SSN
- Diagnosis text
- Medications
- Provider notes
Trackers & pixels
- Meta Pixel
- Google Ads / GA4
- Mixpanel · Heap
- Pendo · Amplitude
AI surfaces
- OpenAI · Anthropic
- Vector store calls
- Tool / function calls
- Scribe & copilots
Auth modes
- OAuth / SAML
- Okta · Auth0
- Cookie-jar replay
- WebAuthn
Who it's for
Built for the teams shipping AI into clinical workflows.
Security & privacy
Catch HIPAA-relevant leakage before legal does. Export the rule, hand it to engineering, move on.
AI / product engineering
Snapshot your AI surface on each release. Diff trackers and PHI exposure across versions.
Healthcare compliance
Reproducible evidence per scan, signed artifacts, 30-day retention with HIPAA mode.
Stop shipping the blind spot.
Start with one scan. The first capture is free, and you'll see exactly what your AI surface is sending into third-party infrastructure.