EXFILTRATION watches every data-egress surface: object storage, BigQuery exports, S3 cross-region copies, Snowflake external stages, and shadow-AI prompts. Flags PHI, PII, PCI, source code, and credential patterns at the wire. Included in Cloud Pro and every vertical bundle.
An average breach exfiltrates twelve gigabytes before anyone notices. EXFILTRATION watches every egress surface and flags the patterns that look like data leaving the building.
S3 public-write enable, Azure Blob anonymous-read, GCS public-bucket writes. Cross-tenant copy operations flagged in real time.
External-stage writes, large UNLOAD operations, COPY INTO of regulated tables to non-internal destinations. Routes to the security incident channel through CONDUIT.
Detects sensitive data leaving for ChatGPT, Claude, Gemini, Copilot. Blocks at the wire when policy requires; redacts and forwards in less strict modes.
Detects access tokens, API keys, and connection strings appearing in outbound traffic, public repos, and service-principal logs. Auto-rotation playbook on consent.
Read-only scan. No credit card. Full evidence pack on every finding.