About CloakLLM
CloakLLM started as a small personal itch: using LLMs without sending people's personal data along with every prompt. Then came Article 12 of the EU AI Act, "log every high-risk AI interaction", colliding with GDPR's "retain no personal data". Two mandatory laws pointing in opposite directions, and one resolution: strip the personal data before anything reaches a log.
That's what CloakLLM became: open-source infrastructure that protects prompts, produces tamper-evident evidence, and lets anyone — including the auditor across the table — verify that evidence independently. Compliance you can verify, not compliance you're asked to believe.
The principles
Publish the limits
Every compliance report carries an honest per-article coverage matrix — what CloakLLM provides AND what remains your responsibility. The verifier prints what a passing result does not prove. A compliance tool that hides its edges isn't one.
Measure, don't assert
Detection quality is a published number (~94% character-level scrub on a deliberately messy benchmark), not a claim. The benchmark exists because it once caught our own detector leaking — it's been a release gate ever since.
Verify, don't trust
Every artifact — hash chains, signatures, timestamps, reports — verifies independently with standard tools. Your auditor checks the evidence without our SDK and without trusting our code.
Who's behind it
CloakLLM began as Ziv Chen's idea and code — the detection engine, the tamper-evident audit chain, the verifier; he's co-founder & CTO. Adam Azani joined as co-founder & CEO. Together they build in public: four packages (Python SDK, JavaScript SDK, MCP server, and the standalone verifier), roughly 2,000 automated tests, 13 detection locales, and a full pre-release audit — published, findings included — for every version.
A fair question for any early-stage company: what if it disappears? CloakLLM has an unusual answer, by design: it's MIT-licensed open source, it runs entirely in your infrastructure, and your evidence verifies with standard tools — OpenSSL included — whether or not we exist. The architecture is vendor-failure-proof. Most vendors ask you to trust them; CloakLLM is built so you don't have to.
Using CloakLLM? Preparing for a 2027 audit?
We're talking to teams deploying AI under the EU AI Act — what you're building, what an audit will ask of you, and what's missing. Auditors and certification bodies especially welcome.