# DLP Scanner
The DLP (Data Loss Prevention) scanner inspects the content of every tool call before it reaches the target MCP server. If a pattern matches, the call is blocked and an alert is emitted.
## Pattern library
Behavry ships with 26 built-in patterns:
| Category | Examples |
|---|---|
| PII | SSN, passport numbers, driver's license |
| Financial | Credit card numbers (Luhn-validated), bank account numbers |
| Credentials | API keys, private keys, JWT tokens, bearer tokens |
| Healthcare | MRN, NPI, DEA numbers, ICD codes |
| Network | Internal IP ranges, MAC addresses |
| Cloud | AWS access keys, GCP service account JSON, Azure connection strings |
| Secrets | .env file content, Docker secrets, Vault tokens |
## Hot-reload
Patterns are stored in the database and reloaded without restarting the proxy. Add or remove patterns from the DLP Rules dashboard tab or via the API.
## Severity levels
| Severity | Action |
|---|---|
| Critical | Block immediately, before OPA policy evaluation runs |
| High | Block and emit DLP_VIOLATION alert |
| Medium | Allow but log with elevated visibility |
## Cross-session correlation
Behavry tracks partial data across sessions. If an agent tries to exfiltrate a secret over multiple short calls (a fragment reassembly attack), the correlator catches it.
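Added illustration, not Behavry's own code: a minimal Python version of the three mechanisms described above (pattern matching with Luhn validation for card numbers, the severity-to-action mapping, and per-agent fragment reassembly across calls). The three patterns, the action labels, the `RANK` ordering and the `window` size are constructed assumptions; the product's 26-pattern library, database storage and hot-reload are not modelled.

```python
import re
from collections import defaultdict
# Constructed stand-ins for three of the pattern categories listed above:
# (name, severity, regex). Behavry's own library holds 26 patterns.
PATTERNS = [
    ("credit_card", "critical", re.compile(r"\b(?:\d[ -]?){13,16}\b")),
    ("aws_access_key", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("internal_ip", "medium", re.compile(r"\b10(?:\.\d{1,3}){3}\b")),
]
ACTIONS = {"critical": "block", "high": "block+alert", "medium": "allow+log"}
RANK = {"critical": 3, "high": 2, "medium": 1}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list:
    """Return (pattern, severity, action) for every validated match in text."""
    findings = []
    for name, sev, rx in PATTERNS:
        for m in rx.finditer(text):
            if name == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # right shape, wrong checksum: not a card number
            findings.append((name, sev, ACTIONS[sev]))
    return findings

def verdict(findings: list) -> str:
    """Highest-severity action wins; with no findings the call passes through."""
    if not findings:
        return "allow"
    return max(findings, key=lambda f: RANK[f[1]])[2]

class Correlator:
    """Per-agent window of recent payloads, re-scanned as one string so a secret
    split over several short calls (fragment reassembly) is still caught."""
    def __init__(self, window: int = 5):
        self.window = window
        self.history = defaultdict(list)
    def check(self, agent_id: str, payload: str) -> str:
        hist = self.history[agent_id]
        hist.append(payload)
        del hist[:-self.window]  # keep only the last `window` calls
        return verdict(scan(payload) + scan("".join(hist)))
```

Each call is scanned on its own and again as part of the agent's recent window, so a key sent as `AKIA1234` in one call and the remaining characters in the next is blocked on the second call even though neither fragment matches alone.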
## Inbound scanning
The outbound DLP scanner is complemented by the Inbound Injection Scanner (AOC-1) which inspects tool results for embedded instructions before they reach agent context.