Giving enterprise admins granular control over which data their AI can and cannot touch.
Giving enterprise admins granular control over which data their AI can and cannot touch.
Giving enterprise admins granular control over which data their AI can and cannot touch.
Released
As Product Designer, worked on WebUI & Mobile app (iOS, Android).
As Product Designer, worked on WebUI & Mobile app (iOS, Android).
As Product Designer, worked on WebUI & Mobile app (iOS, Android).
Tools used:
Tools used:
"AI can't be a black box" was one of the most repeated customer asks.
"AI can't be a black box" was one of the most repeated customer asks.
"AI can't be a black box" was one of the most repeated customer asks.
AI Safeguards adds a policy-driven validation layer applied consistently across every AI entry point (Egnyte web UI, mobile app and desktop app, MCP, public API, and Microsoft 365 integrations).
Users define who can use AI and on which content, so sensitive data never reaches an LLM without explicit permission.
AI Safeguards adds a policy-driven validation layer applied consistently across every AI entry point (Egnyte web UI, mobile app and desktop app, MCP, public API, and Microsoft 365 integrations).
Users define who can use AI and on which content, so sensitive data never reaches an LLM without explicit permission.
AI Safeguards adds a policy-driven validation layer applied consistently across every AI entry point (Egnyte web UI, mobile app and desktop app, MCP, public API, and Microsoft 365 integrations).
Users define who can use AI and on which content, so sensitive data never reaches an LLM without explicit permission.
Research & Exploration
Research & Exploration
Research & Exploration
We started by studying emerging AI protection patterns, including Microsoft’s AI governance approaches, alongside conversations with customers to understand their real-world concerns around AI access and sensitive content exposure.
The experience was first released as a PoC through Egnyte Labs and tested with a small group of customers. Early feedback helped us expand the safeguard criteria model, enabling teams to create policies that aligned more naturally with how they governed content.
If you'd like to discuss the product thinking, research, or design decisions behind this project, let’s connect.
We started by studying emerging AI protection patterns, including Microsoft’s AI governance approaches, alongside conversations with customers to understand their real-world concerns around AI access and sensitive content exposure.
The experience was first released as a PoC through Egnyte Labs and tested with a small group of customers. Early feedback helped us expand the safeguard criteria model, enabling teams to create policies that aligned more naturally with how they governed content.
If you'd like to discuss the product thinking, research, or design decisions behind this project, let’s connect.
We started by studying emerging AI protection patterns, including Microsoft’s AI governance approaches, alongside conversations with customers to understand their real-world concerns around AI access and sensitive content exposure.
The experience was first released as a PoC through Egnyte Labs and tested with a small group of customers. Early feedback helped us expand the safeguard criteria model, enabling teams to create policies that aligned more naturally with how they governed content.
If you'd like to discuss the product thinking, research, or design decisions behind this project, let’s connect.
Key Product Decisions
Key Product Decisions
Key Product Decisions
1 | Defining safeguard policy builder around enterprise workflows
1 | Defining safeguard policy builder around enterprise workflows
1 | Defining safeguard policy builder around enterprise workflows
Problem: Role-based restrictions alone can't cover real-world governance
Problem: Role-based restrictions alone can't cover real-world governance
Decision: Safeguards support multiple criteria: location, sensitive content classification, users/groups, and metadata such as last accessed date or file types.
Decision: Safeguards support multiple criteria: location, sensitive content classification, users/groups, and metadata such as last accessed date or file types.
Why: User think in folders, labels, and teams, not permission matrices, so the criteria builder matches that mental model directly.
Why: User think in folders, labels, and teams, not permission matrices, so the criteria builder matches that mental model directly.
2 | AI is not completely blocked for end users. Partial response is provided.
2 | AI is not completely blocked for end users. Partial response is provided.
2 | AI is not completely blocked for end users. Partial response is provided.
Problem: When AI silently restricts access to certain files without explanation, it creates confusion and frustration.
Problem: When AI silently restricts access to certain files without explanation, it creates confusion and frustration.
Decision: A neutral AI response is returned with sensitive content redacted, applied consistently across all AI entry points.
Decision: A neutral AI response is returned with sensitive content redacted, applied consistently across all AI entry points.
Why: End users shouldn't need to understand policy infrastructure. The response just needs to communicate the right thing without causing alarm.
Why: End users shouldn't need to understand policy infrastructure. The response just needs to communicate the right thing without causing alarm.
3 | Audit reports are generated from day one ( a detailed report of responses)
3 | Audit reports are generated from day one
( a detailed report of responses)
3 | Audit reports are generated from day one ( a detailed report of responses)
Problem: Without logs, users couldn't prove compliance or investigate incidents.
Problem: Without logs, users couldn't prove compliance or investigate incidents.
Decision: Every file processed by AI is logged, giving users and compliance teams full visibility into AI data usage from the first 'Labs' release.
Decision: Every file processed by AI is logged, giving users and compliance teams full visibility into AI data usage from the first 'Labs' release.
Why: Auditability is a prerequisite for enterprise trust. Regulated customers won't adopt AI without it, so delaying it would delay adoption entirely.
Why: Auditability is a prerequisite for enterprise trust. Regulated customers won't adopt AI without it, so delaying it would delay adoption entirely.
The hardest part wasn't designing the controls. It was designing for a user who should not feel frustrated when AI was blocked for them.
The hardest part wasn't designing the controls. It was designing for a user who should not feel frustrated when AI was blocked for them.
The hardest part wasn't designing the controls. It was designing for a user who should not feel frustrated when AI was blocked for them.
© 2026 All Rights Reserved | Parmi Mehta
© 2026 All Rights Reserved | Parmi Mehta