
LLM field-level security should be checked before the prompt exists.

Field-level security for LLMs has to protect both field values and schema structure. If a hidden field name enters the context, the model can reason about that field's existence.

Executive read

The short version, before the deep dive.

Identify fields the user can read, edit, or never see.

Reject prompt construction that includes inaccessible field names.

Record stripped-field evidence for audit review.

Apply the same principle to answers, summaries, and write proposals.

Analysis

What matters

The field boundary

Traditional masking can hide values, but language models can still infer meaning from field names and schema position.

AIGIS removes inaccessible fields before context assembly so the model reasons only from data the user is allowed to know.

Evidence to request

Ask for a record of included fields, excluded fields, and the permission source behind each decision.

The evidence should be understandable to a Salesforce architect and a security reviewer without asking them to trust the model.
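A sketch of the field boundary and the evidence record described above, added here as an illustration; it is not AIGIS code. The record, field names, permission sources, and function names are constructed assumptions, and a field with no permission entry is treated as inaccessible.

```python
import hashlib
import json

# Constructed sample data: field names and permission sources are hypothetical.
RECORD = {"Name": "Acme Corp", "Industry": "Energy",
          "Credit_Score__c": 512, "Internal_Risk_Note__c": "watchlist"}
# Per-user field permissions as resolved from the system of record.
PERMISSIONS = {
    "Name": {"read": True, "source": "profile:SalesUser"},
    "Industry": {"read": True, "source": "profile:SalesUser"},
    "Credit_Score__c": {"read": False, "source": "permset:FinanceOnly"},
}


def build_context(record, permissions):
    """Split a record into model-visible fields and an audit evidence entry."""
    context, included, excluded = {}, [], []
    for field, value in record.items():
        perm = permissions.get(field)
        if perm and perm["read"]:
            context[field] = value
            included.append({"field": field, "source": perm["source"]})
        else:
            # Default deny: a field with no permission entry is stripped too.
            source = perm["source"] if perm else "default-deny:no-entry"
            excluded.append({"field": field, "source": source})
    evidence = {"included": included, "excluded": excluded}
    # Hash marker over the canonical evidence so later edits are detectable.
    canonical = json.dumps(evidence, sort_keys=True).encode()
    evidence["sha256"] = hashlib.sha256(canonical).hexdigest()
    return context, evidence


def assemble_prompt(question, context, evidence):
    """Build the prompt, rejecting it if a stripped field name appears in it."""
    prompt = f"Record: {json.dumps(context, sort_keys=True)}\nQuestion: {question}"
    lowered = prompt.lower()
    for entry in evidence["excluded"]:
        if entry["field"].lower() in lowered:
            raise PermissionError(f"inaccessible field name in prompt: {entry['field']}")
    return prompt
```

The evidence entry holds field names and permission sources only, never stripped values, and it goes to the audit log rather than to the model.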

Resource packet

Turn this into a review worksheet.

Evidence packet

Permission-Provenance Evidence Packet

Capture user context, system of record, enforcement tier, stripped fields, model route, response, hash marker, and fallback notes.

Salesforce is the production proof path. ServiceNow and SAP are design-partner co-development paths with asymmetric enforcement that must be disclosed in diligence.
