Is it safe to put company code into Cursor or Copilot?

Not by default. Whatever you paste or open gets sent to the AI provider's servers, including secrets and customer data. Emil sits between your tools and the model and catches API keys, credentials, customer data, and source code before they ever leave.

Can AI coding tools see my API keys and .env files?

Yes, whenever they end up in the files or prompts you send, which is the most common way secrets leak. Emil detects keys, tokens, passwords, and .env values and redacts them before the prompt reaches the model.

Does Emil slow down my AI?

No. Emil screens in the moment and hands the model a clean prompt, so you get the same responses at the same speed.

Does Emil store my prompts or my code?

No. Emil processes your text in memory and keeps only a short screening record (the decision, risk score, and a redacted preview), never the full content. Classification runs on Emil's own infrastructure, is never sent to a third-party model, and is never used for training.

Which tools does Emil work with?

Anything OpenAI-compatible: Cursor, Claude Code, Copilot, Lovable, v0, ChatGPT, Gemini, DeepSeek, Ollama, and self-hosted models. Point your tool at Emil instead of the provider, or use the browser extension if you don't write code.

Do I need to be technical to use it?

No. Developers change one line of config (the base URL). Everyone else uses the one-click browser extension that screens prompts before they reach the AI.

Solution

Stop prompt injection before it reaches your model

Attackers try to override your instructions, extract your system prompt, and jailbreak your guardrails. Emil screens every input and refuses the attack before your model ever sees it.

Protect your team For developers

The attack surface

Users jailbreak your AI into ignoring its instructions and going off-brand or unsafe.
Injected instructions can exfiltrate your system prompt or hidden context.
Indirect injection hides instructions inside documents your AI reads.

What Emil detects

Instruction-override attempts ('ignore previous instructions')
System-prompt extraction and reveal attempts
Role/persona jailbreaks (DAN-style, 'developer mode')
Safety-bypass language and fake system delimiters

Defense in depth

Deterministic patterns catch the blatant cases in sub-millisecond time
A model classifier catches the fuzzy long tail
Obfuscation-resistant matching defeats leetspeak and homoglyph evasion

Questions

What is prompt injection?

Prompt injection is when a user (or a document the AI reads) smuggles in instructions that override what you told the model to do — to jailbreak it, extract its system prompt, or make it behave unsafely.

How does Emil stop it?

Emil screens the input before it reaches your model, detecting override attempts, jailbreak personas, and bypass language with deterministic patterns plus a model classifier, and refuses the request.

Does it handle obfuscated attacks?

Yes. Emil normalizes leetspeak and look-alike characters before matching, so '1gn0re previous instructions' is caught the same as the plain form.

Will it block legitimate prompts?

The patterns require the multi-part structure of a real injection attempt, and benign instructions pass through. You can tune severity and action per policy.

The attack surface

What Emil detects

Defense in depth

Questions

Related solutions