Orion Soft has launched StarGuard AI, a security gateway that sits between employees and large language models and decides what data is allowed to leave the building. The Russian infrastructure-software vendor pitches it as a way to centralize corporate access to ChatGPT, Claude, DeepSeek, GigaChat, YandexGPT, and on-premise models, while logging everything along the way.
How it actually works
The product runs as a corporate reverse proxy. Every prompt and every response passes through a stack of detectors before it crosses the security perimeter, according to the company's product page. There are three detection layers: plain regex, an ML detector tuned for personal data, and an LLM-based detector that reads context rather than matching keywords.
The headline trick is masking. When someone in HR or accounting pastes a document full of names, passport numbers, or tax IDs into a cloud model, StarGuard swaps that data for placeholder tokens before it ships out, then unmasks the model's reply on the way back. The user gets a normal-looking answer and the sensitive data, in theory, never leaves the network. Whether the masking holds up against messy real-world documents is the part worth testing, not taking on faith.
Why now
The timing leans on a survey from K2 Cybersecurity and Kaspersky, which polled specialists at more than 200 large Russian companies across IT, finance, retail, telecom, construction, and pharma. The number Orion Soft keeps pointing to: only 22% of those firms have carved out a dedicated budget for AI security, per the joint study. Meanwhile 61% said they want to control how employees use third-party AI services but run into technical and organizational walls trying.
That 61% is the real sales pitch. A K2 expert quoted in the research called the budget-setting firms a sign of "a mature approach," which is the kind of thing you say about the customers you'd like to have. The gap between wanting control and having it is exactly the space a product like this is built to fill.
The threats it claims to catch
Beyond data leaks, StarGuard says it flags jailbreak attempts, prompt injections, and off-topic or toxic content in both directions. The prompt-injection angle is aimed at AI agents: a malicious instruction buried in a PDF or DOCX that tells an agent to do something it shouldn't, like exfiltrate data. Built-in OCR pulls text out of PDF, XLSX, and DOCX files so the detector can inspect it before it reaches the model.
That agent-protection feature, though, is listed as still in development on the company's own roadmap, marked for late 2025. So the pitch and the shipping reality don't fully line up yet.
Editions and what's missing
Three tiers: a Community edition capped at 25 users and one provider, an Enterprise edition with SSO and the full detector stack, and an air-gapped build that talks only to local models for organizations that want zero internet exposure. The isolated edition is tied to FSTEC certification.
Notably absent from the materials: any independent benchmark of detection accuracy, false-positive rates, or latency added by routing every request through the proxy. For a tool whose whole job is intercepting traffic, the performance cost is the question buyers will ask first, and it isn't answered.
Orion Soft's banner says StarGuard is slated for the Russian Ministry of Digital Development software registry in June. That registry listing is the next concrete milestone to watch.
