Every serious AI deployment today runs through a security stack — prompt-injection filters, jailbreak detection, PII scanners — all pointed at what users send in. That half of the problem is mature and well funded.
The other half is wide open. Once your agent decides what to say back, almost nothing checks that output against the law before it reaches the user. And regulators don't fine you for the prompt. They fine you for the answer.
The cases are already on the docket:
- Air Canada was held liable when its chatbot invented a refund policy a customer relied on.
- iTutorGroup settled with the EEOC after its hiring software auto-rejected older applicants.
- Clearview AI drew a €20M GDPR penalty for a system built on scraped data.
- Workday is facing a class action over screening alleged to filter by age.
None of these were stopped by a security tool — because none were security failures. They were compliance failures, in the output.
We place an enforcement layer between your agent and your user. Every output is checked in real time against 50+ violation patterns across five regulated areas — healthcare, finance, hiring, data privacy, and general AI law — and each decision (BLOCK / REDACT / ALERT / PASS) carries the citation behind it. Wire to a sanctioned entity → blocked before it sends. Score a candidate on age → flagged. A driver's-license number in a reply → masked, the rest delivered.
Security asks: is this input safe? Reglint asks the question regulators ask: was this output legal?
Sources: Moffatt v. Air Canada (BC CRT, 2024); EEOC v. iTutorGroup (2023); CNIL v. Clearview AI (2022); Mobley v. Workday (ongoing).