Your employees are pasting customer data into ChatGPT. Here's how to fix it without blocking anything.
Your employees are using AI. Every day. The question isn't if — it's how much, which tools, and what data are they sharing?
of 22.4M enterprise AI prompts risk exposing sensitive data — credentials, PII, internal strategy, proprietary code.
Harmonic Security, 2025 ↗of enterprises plan to deploy autonomous AI agents within two years — but only 21% have mature AI governance in place.
Deloitte, 2026 (N=3,235) ↗The tools are scaling. The guardrails aren't.
If you're a Nordic company, the stakes are higher than most. GDPR isn't a suggestion here — IMY has shown it will investigate, and fines are real. When your employee pastes a customer's personnummer into ChatGPT, that data just left the EU, hit servers in the US, and you have zero documentation that it happened.
Try explaining that to your DPO.
The Shadow AI problem
Shadow AI is any AI tool used by employees outside official IT oversight — the next evolution of Shadow IT, but with significantly higher stakes.
None of these interactions are logged, monitored, or governed by your security stack:
- An employee pastes a customer contract into ChatGPT for summarisation.
- A developer feeds proprietary source code into Copilot.
- Someone in finance runs a P&L through Claude for analysis.
You can write a policy. You can block chatgpt.com on the corporate firewall. Your employees will use their phones, their personal laptops, or one of the thousands of AI tools your blocklist doesn't cover.
The companies that figure this out won't be the ones that say “don't use AI.” They'll be the ones that say “use AI — through this door.”
The governed channel
Brain Orchestra is an AI gateway. Your developers swap one API base URL, and every AI request in your organisation flows through a governed channel — logged, PII-scrubbed, and compliant before it reaches any provider.
# Before: direct to provider, unmonitored
client = OpenAI(api_key="sk-your-openai-key")
# After: same SDK, governed channel
client = OpenAI(
api_key="bo_live_your-key",
base_url="https://api.brainorchestra.ai/v1"
)Same OpenAI SDK. Same code.
The hard part isn't those two lines. It's getting every team to actually route through the gateway instead of their personal API keys. That's a people problem, not a technology problem. But here's what makes it solvable: once the gateway is live, you can see who's using it and who isn't. The audit trail makes the invisible visible — and that changes the conversation from “please use this” to “we can see you're not.”
Territorial compliance
Brain Orchestra enforces four territorial tiers per project. Set one. The gateway enforces it as a hard constraint — not a policy document.
| Tier | What it means |
|---|---|
eu_sweden | Data stays in Sweden. Sweden-hosted models only. |
eu_strict | Data stays in the EU. No US providers, period. |
eu_cloud | EU-hosted inference. Claude via AWS Bedrock Frankfurt, Mistral direct API. |
unrestricted | All providers, including US. You choose. |
Hard constraint, not advisory
If a developer accidentally tries to route a request to a US-hosted model on an eu_strict project, they get a 400 error with a list of compliant alternatives. Not a silent fallback. Not a log entry you'll find in six months. An immediate, actionable rejection.
Built into routing, not marketing
Most US-based AI wrappers claim “GDPR compliance” but fail when you ask for a DPA that specifically excludes US-based sub-processors. Brain Orchestra's territorial enforcement is built into the routing engine, not into a terms-of-service document.
PII detection
Brain Orchestra scans prompts through an open-source NER engine running on our own EU infrastructure. Not a third-party API. Not an external PII service that creates another data egress point. It runs on the same servers as the gateway — your data never leaves EU soil for the scan.
Detected entities
Languages
All caught and replaced with consistent pseudonyms before the request touches any LLM provider.
PII scanning is opt-in per project. You enable it in the dashboard when you need it. Once it's on, every prompt is scrubbed before it reaches a provider.
Against LLM inference times of hundreds of ms to seconds, negligible. P95 production benchmarks publishing soon.
Audit trail
Every request — successful or rejected — produces a durable audit record:
- Timestamp, user identity, model, provider, territorial tier
- Token counts, cost in EUR, latency
- PII detection summary: what was found, what was redacted
- Request status and error codes
Export as CSV. Filter by user, model, date range, status. Hand it to your DPO and say “here's every AI interaction in the company for the last quarter.”
When IMY comes knocking, you want to be the company that opens a spreadsheet, not the one that opens an incident.
One invoice, two key models
Your developers have API keys for OpenAI, Anthropic, Mistral, Google, maybe AWS Bedrock. Each provider has its own billing, its own invoicing cycle, its own currency. Brain Orchestra gives you one prepaid EUR balance. One invoice. Per-user and per-model cost attribution. You know exactly what AI costs your company, broken down by team, project, and individual.
Bring your own keys (BYOK)
If you already have provider contracts, bring your own API keys. We charge nothing for routing BYOK requests. You get the governance, the audit trail, the PII scanning, and the territorial enforcement without paying us a markup on tokens.
- ✓Your existing provider contracts
- ✓Zero platform fee on routing
- ✓Full governance + audit + PII
- ✓Territorial enforcement included
Managed keys
If you'd rather not manage provider relationships, use our managed keys at provider cost plus 5%.
- ✓No provider relationships to manage
- ✓One prepaid EUR balance, one invoice
- ✓Per-user + per-model cost attribution
- ✓Provider cost + 5%
Most gateways charge per-seat or per-request regardless of whose key is being used. We think that's the wrong model when what you need is the governance layer.
What Brain Orchestra doesn't do
We don't stop personal browser usage.
If an employee opens their phone, navigates to chatgpt.com, and pastes a customer list — we don't see that. We're not an endpoint agent. We don't monitor browsers or desktops. Endpoint monitoring tools exist for that. We govern what goes through the gateway. The responsible architecture is both: a governed channel for sanctioned AI use, and endpoint monitoring to catch what bypasses it.
We don't do prompt injection detection.
Brain Orchestra operates at the infrastructure layer — routing, logging, PII, compliance. Prompt injection and jailbreak prevention are application-layer concerns. They're important, but they're a different product.
Built for Nordic enterprises
We built Brain Orchestra in Sweden because this is where we see the gap.
US SaaS vendors build compliance as an afterthought — “we have a DPA, check the box.” That doesn't hold up when your customer is a Swedish municipality, a Norwegian bank, or a Finnish healthcare provider. These buyers need to know exactly where data is processed, by whom, under which legal framework, and they need to prove it to their regulators.
Our infrastructure runs in the EU. Our strictest tier keeps data in Sweden. Our DPA references actual GDPR articles, not marketing language. Our sub-processor list names every provider, every region, every transfer mechanism — both available on request.
The gateway itself is subject to the same security posture we enforce for customers: encrypted in transit and at rest, no plaintext credentials in the database, durable audit logging that records even its own failures, and a regression test suite that runs before every deploy.
This isn't governance theatre. It's governance that survives an audit.
Three positions. One is new.
Brain Orchestra is in early pilot. We're onboarding a small number of Nordic companies who take AI governance seriously and want to get it right before regulators force the issue.
Hope nobody pastes something sensitive into an unmonitored tool.
Block AI entirely and watch productivity walk out the door.
A governed channel. Use AI — through this door.
The shadow AI problem is real. But the answer isn't less AI — it's better infrastructure around it.
Sources
- Harmonic Security, What 22 Million Enterprise AI Prompts Reveal About Shadow AI (2025).
- Deloitte, The State of AI in the Enterprise (2026, N=3,235).