Executive Summary
KI-Shield is a compliance proxy and an additional technical safeguard within the meaning of Art. 25 and Art. 32 GDPR, enabling companies to use Large Language Models (LLMs) such as ChatGPT, Claude and Gemini — without exposing personal data.
The system automatically detects 42 categories of personal data in real time, pseudonymizes them before transmission to the AI provider, and restores the original data after the response. The entire process is documented in a cryptographically signed audit chain.
What makes KI-Shield unique is a Zero-Knowledge Architecture in which even the operator cannot read user data, combined with Post-Quantum Cryptography (ML-DSA-65 + Ed25519 hybrid signatures) that protects audit evidence against future quantum computers.
The Problem
The use of AI language models in regulated industries faces a fundamental dilemma: The productivity gains are enormous, but so are the privacy risks.
Why Existing Solutions Fail
System Architecture
KI-Shield consists of 24 Docker containers on a dedicated Hetzner server in Germany. The architecture follows the Defense in Depth principle — 8 security layers protect every request.
Request flow: User → KI-Shield (EU/DE) → LLM provider

User → KI-Shield: "Herr Müller hat Diabetes Typ 2"
- Layer 1: TLS 1.3 termination
- Layer 2: WAF (Coraza + OWASP CRS v4)
- Layer 3: CrowdSec + Rate Limiting
- Layer 4: JWT/API-Key Authentication
- Layer 5: PII Detection (42 categories, 46 recognizers)

KI-Shield → LLM provider: "[PERSON_1] hat [MEDICAL_1]"
LLM provider → KI-Shield: "[PERSON_1] should ..."
- Layer 6: De-pseudonymization
- Layer 7: Audit Chain (Hybrid Signature)
- Layer 8: AES-256 Zero-Knowledge Encryption

KI-Shield → User: "Herr Müller should ..."
Container Overview
Infrastructure Hardening
Every container runs with maximum security restrictions:
PII Detection Engine
The heart of KI-Shield: A multi-layer detection pipeline that detects personal data using three complementary methods — before it leaves the EU server.
42 PII Categories in 4 Groups
Quality Assurance
An automated PII QA process tests 500 samples against the detection engine every 6 hours and monitors precision, recall and F1 score. Adversarial test cases specifically check evasion attempts (Unicode tricks, whitespace injection, multilingual input).
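The pseudonymize/restore round trip from the request flow, together with the input normalization that the adversarial test cases (Unicode tricks, whitespace injection) are meant to exercise, as an added example. This is not KI-Shield's code: the two regex recognizers and the function names are constructed stand-ins for the real detection engine.

```python
import re
import unicodedata

# Invisible characters that can split a token without changing how it renders.
_INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u00ad"))

# Constructed toy recognizers (assumption); the product describes 46 of them.
RECOGNIZERS = [
    ("PERSON", re.compile(r"\b(?:Herr|Frau)\s+[A-ZÄÖÜ][a-zäöüß]+")),
    ("MEDICAL", re.compile(r"\bDiabetes(?:\s+Typ\s+[12])?")),
]
PLACEHOLDER = re.compile(r"\[[A-Z]+_\d+\]")


def normalize(text):
    """Fold compatibility forms (fullwidth letters, NBSP, decomposed umlauts),
    drop invisible characters and collapse whitespace runs."""
    text = unicodedata.normalize("NFKC", text).translate(_INVISIBLE)
    return re.sub(r"\s+", " ", text).strip()


def pseudonymize(text, mapping=None):
    """Return (masked_text, mapping) where mapping is placeholder -> original.
    The same value always gets the same placeholder within one mapping."""
    mapping = {} if mapping is None else mapping
    reverse = {value: ph for ph, value in mapping.items()}
    text = normalize(text)  # detection runs on the normalized form only
    for label, pattern in RECOGNIZERS:
        def swap(match, label=label):
            value = match.group(0)
            if value not in reverse:
                n = sum(1 for ph in mapping if ph.startswith(f"[{label}_")) + 1
                reverse[value] = f"[{label}_{n}]"
                mapping[reverse[value]] = value
            return reverse[value]
        text = pattern.sub(swap, text)
    return text, mapping


def restore(text, mapping):
    """Swap known placeholders back; unknown ones stay untouched so a
    placeholder invented by the model is never resolved to a guessed value."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)
```

The mapping is the sensitive artifact here: it never leaves the proxy, and only the masked text is forwarded to the provider.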
Zero-Knowledge Architecture
The most radical security feature of KI-Shield: Even the operator cannot read user data. No trust required — cryptographically secured.
Step 1: Login
Password → Argon2id(memory=64MB, iterations=3, parallelism=4) → 256-bit Encryption Key → exists ONLY in RAM (never in DB, never on disk)

Step 2: Data Storage
Chat message → AES-256-GCM(key=RAM-Key, nonce=random) → encrypted blob in PostgreSQL → without key = random bytes

Step 3: Consequence
✓ Server admin sees: encrypted blocks
✓ Database dump contains: nothing readable
✓ Even if seized: data worthless
✓ Password reset = data loss (by design)

- ✓ Encrypted blobs (AES-256-GCM)
- ✓ Argon2id hash of password (for authentication)
- ✓ Signed audit hashes (integrity proof)
- ✓ Email address (for login)
- × Password in plaintext
- × Encryption key (only in user's RAM)
- × Readable chat messages
- × Pseudonym mapping tables in plaintext
Post-Quantum Cryptography
Quantum computers will be able to break today's signatures within the next 10–15 years. But audit evidence must hold up for decades. KI-Shield is prepared for this.
Hybrid Signature: Belt & Suspenders
Ed25519:
- Elliptic Curve (Curve25519)
- 128-bit security level (signature security, not encryption – KI-Shield uses AES-256)
- Industry standard, extremely fast
- Vulnerable to Shor's algorithm (quantum computers)

ML-DSA-65:
- NIST FIPS 204 (standardized August 2024)
- Module-Lattice-Based Digital Signature
- NIST Security Level 3 (192-bit)
- Resistant to all known quantum attacks

signature = { ed25519: sign(hash, classical_key), ml_dsa_65: sign(hash, pq_key) }
// Both must be broken for the signature to fall
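
What "both must be broken" means for the verifier of a hash-chained audit log, as an added example that is not KI-Shield's code. Assumptions: the block layout and payload fields are constructed, and because neither Ed25519 nor ML-DSA-65 is in the Python standard library, two keyed HMACs stand in for the two signature schemes; only the composition and chaining logic is the point.

```python
import hashlib
import hmac
import json

# Stand-ins (assumption): HMAC over two different hashes plays the role of
# the two schemes. A real chain uses asymmetric Ed25519 and ML-DSA-65 keys.
SCHEMES = {"ed25519": hashlib.sha256, "ml_dsa_65": hashlib.sha3_256}
GENESIS = "0" * 64


def block_hash(prev_hash, payload):
    """Hash the payload together with the previous block's hash."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def sign(digest, keys):
    """Produce one signature component per scheme over the same digest."""
    return {name: hmac.new(keys[name], digest.encode(), h).hexdigest()
            for name, h in SCHEMES.items()}


def append(chain, payload, keys):
    prev = chain[-1]["hash"] if chain else GENESIS
    digest = block_hash(prev, payload)
    chain.append({"prev": prev, "payload": payload, "hash": digest,
                  "signature": sign(digest, keys)})


def verify(chain, keys):
    """Return the index of the first bad block, or -1 if the chain verifies."""
    prev = GENESIS
    for i, block in enumerate(chain):
        digest = block_hash(prev, block["payload"])
        sig = block.get("signature", {})
        # AND-composition: every component must be present and valid. Accepting
        # a block with one component missing would reduce the hybrid to its
        # weaker half.
        sigs_ok = all(hmac.compare_digest(sig.get(name, ""), expected)
                      for name, expected in sign(digest, keys).items())
        if block["prev"] != prev or block["hash"] != digest or not sigs_ok:
            return i
        prev = digest
    return -1
```

A verifier that accepted either component alone would turn the hybrid into an OR, so stripping the post-quantum component has to be treated as tampering rather than as a legacy block.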
Since 2024, the BSI recommends the use of Post-Quantum Cryptography for long-lived signatures. From 2025, the eIDAS 2.0 regulation requires quantum-safe signatures for qualified trust services. KI-Shield is one of the first commercial products in Germany to use ML-DSA-65 in production — a clear competitive advantage and a sign of technical excellence.
Market & Positioning
(MarketsandMarkets, CAGR 34,8%)
in Germany alone
— compliance becomes mandatory
Target Groups
Competitive Matrix
| Feature | KI-Shield | Private AI | Presidio (alone) | Azure AI |
|---|---|---|---|---|
| EU hosting (DE) | ✓ | × | Self-hosted | × |
| Zero-Knowledge | ✓ | × | × | × |
| Post-quantum signatures | ✓ | × | × | × |
| Chat UI for end users | ✓ | × | × | ✓ |
| REST API | ✓ | ✓ | ✓ | ✓ |
| BYOK (own API key) | ✓ | × | n/a | × |
| Art. 9 GDPR categories | ✓ | partial | × | partial |
| Blockchain audit trail | ✓ | × | × | × |
| Price (entry) | 0 € | on request | Open Source | $1/1000 calls |
Business Model & Unit Economics
KI-Shield follows a SaaS model with freemium entry and BYOK principle. The user brings their own API key — KI-Shield has no variable AI costs per request.
Unit Economics
Compliance Framework
KI-Shield was built from the ground up for regulated industries. The compliance architecture simultaneously addresses multiple jurisdictions and standards.
Audit Chain: Audit-Proof Documentation
Every AI interaction creates an audit block with:
Risk Assessment
Per ISO 31000, 20 risks in 6 categories were identified and assessed. The result: 0 critical, 4 high, 12 medium and 4 low risks. All high risks have measures with residual risk ≤ Medium.
After applying all measures: 0 high residual risks, 7 medium, 13 low. The complete risk assessment (document KIS-RISK-001) covers privacy, AI-specific, technical, organizational, compliance and post-quantum risks.
Roadmap & Vision
Summary
Or contact us: info@ki-shield.eu