As generative AI continues to transform how organizations operate, the need for robust security and compliance has never been more critical. Enterprises embracing third-party GenAI face a new and complex risk landscape — from discovering shadow AI usage, to detecting and blocking prompt injection and jailbreak attacks, to the accidental exposure of sensitive data and potential non-compliance.
At TrojAI, our mission is to secure the behavior of AI models, applications, and agents during AI development (TrojAI Detect) and AI runtime (TrojAI Defend). Today, we're excited to announce an integration between TrojAI and OpenAI’s ChatGPT Enterprise Compliance API. This move brings together GenAI security policy enforcement and deep compliance observability to support enterprise deployment of AI - responsibly, confidently, and at scale.
What is TrojAI Defend?
TrojAI Defend is a GenAI runtime defense solution that protects AI apps and agents in production. It sits inline between models, applications, and agents to inspect, intercept, and enforce rules on both inputs and outputs, actioning on risky AI behavior such as:
- Prompt injection and jailbreak attacks
- Unsafe or toxic prompts and responses
- Leakage of sensitive or proprietary information, like PII, source code, and secrets
TrojAI Defend enables security teams to define granular policies for how AI applications and agents can interact with models. It does this in real time, without changing the underlying model architecture.
What is OpenAI’s ChatGPT Enterprise Compliance API?
OpenAI’s ChatGPT Enterprise Compliance API is a suite of APIs provided by OpenAI for organizations looking for deep visibility and control over how ChatGPT is used by its employees. The Compliance API enables ChatGPT Enterprise administrators to view and download various components of the ChatGPT Enterprise workspaces, including users, projects, conversations, canvases, GPTs, and memories. For organizations using ChatGPT Enterprise, it provides visibility into user prompt and model response logs and usage metrics. This gives compliance and risk teams the oversight they need to meet regulatory obligations and internal governance standards, especially in sensitive industries like finance, healthcare, legal, and government.
Compliance visibility meets security analytics with TrojAI and OpenAI
Security and compliance often operate in parallel, but are not always in sync. In the context of enterprise AI, security helps to detect and prevent risks, but compliance proves that you’re adhering to both internal and regulatory rules. The TrojAI integration with OpenAI’s ChatGPT Enterprise Compliance API helps address both of these. It does this by monitoring historical ChatGPT interactions - including Conversations, Memories, and Canvases - for potential security risks and compliance violations using the TrojAI Defend policy engine.
Together, this helps enable security and compliance practitioners to detect unsafe or non-compliant behavior, better inform security policies based on compliance findings, and accelerate decision-making based on secure and compliant usage. Think of it as a defense-in-depth model for AI, where security and compliance are tightly coupled. This layered approach is already delivering real-world value.
In the words of a VP of Technology and Distinguished Engineer of a Fortune 100 financial services company, “Integrating TrojAI’s security layer with ChatGPT Enterprise has helped us operationalize Large Language Models (LLMs) more confidently. Now with the integration of TrojAI and OpenAI’s ChatGPT Enterprise Compliance API, we can extend this security layer to help support our compliance requirements around safe and effective use of AI."
This integration brings together two complementary layers of protection. As a ChatGPT Enterprise user, you’ll have access to the Compliance API. That’s all you’ll need to get started in TrojAI. Here are the steps to integrate TrojAI and OpenAI’s ChatGPT Enterprise Compliance API:
- Track ChatGPT Enterprise workspace on the TrojAI platform using a unique workspace identifier
- Choose an existing or custom TrojAI Defend policy that you want to see applied to ChatGPT Enterprise Compliance API data. You’ll have the ability to choose from a number of out-of-the-box and custom rulesets that assess potentially risky AI behavior like:
- Prompt injections
- Jailbreaks
- Data exfiltration attempts
- PII detections
- Toxic or harmful language
- Once the policy is configured, choose a time series to perform compliance analysis on historical ChatGPT Enterprise data, such as daily, weekly, monthly, or every 90 days. Each transaction is logged, including:
- Who used the model
- What was asked
- What the model returned
- What was blocked or modified (if applicable)
- Through simple dashboarding views, you can monitor every prompt and response in your ChatGPT Enterprise workspace for potential compliance violations against your custom policy
- Integrate the data through open TrojAI integrations, including compliance dashboards, SIEM tools, and auditing systems
The integration offers a complete ChatGPT audit trail, showing not only that violations were prevented, but that prevention itself was consistent with company policy and regulatory standards.
Putting the TrojAI and OpenAI integration to work
In regulated industries like healthcare, finance, government and legal, enterprises must comply with strict data handling and content safety requirements when adopting AI. For these types of use cases, this TrojAI and OpenAI integration helps ensure that:
- User prompts and model responses don’t violate internal or external policies
- Interactions are logged and reviewable for compliance audits
- AI systems are not a backdoor for sensitive data leakage
For organizations deploying ChatGPT for internal productivity use (e.g., HR bots, sales assistants), the TrojAI and OpenAI integration helps:
- Enforce usage boundaries (e.g., prompts containing sensitive data)
- Flag risky behavior like potential prompt injections or jailbreaks
- Enable consequence management for users violating enterprise AI usage policies
The TrojAI difference
TrojAI is excited to bring this solution to enterprises looking to deploy GenAI responsibly and at scale. It allows us to extend our AI security expertise to better serve compliance use cases for ChatGPT Enterprise users in an emerging space where enterprises are looking for both. With both OpenAI’s ChatGPT Enterprise Compliance API and TrojAI, you’ll get:
- High-accuracy, customizable TrojAI security policies applied to ChatGPT non-real time data
- User-friendly reporting for non-technical audiences, highlighting priority security risks and compliance insights
- Synergy with the TrojAI Defend policy engine, where real-time policies can be informed by the compliance findings
This integration is just the beginning. By combining the strengths of TrojAI Defend and OpenAI’s ChatGPT Enterprise Compliance API, we’re building toward a future where AI security is not an afterthought, but a foundation. If you’re building internal AI systems and want to ensure they’re secure, policy-aligned, and audit-ready, we’d love to show you what this integration can do.
How TrojAI can help
TrojAI is a security for AI platform. Our mission is to enable the secure rollout of AI in the enterprise. Our comprehensive security platform for AI protects AI models, applications, and agents. Our best-in-class platform empowers enterprises to safeguard AI systems both at build time and run time. TrojAI Detect automatically red teams AI models, safeguarding model behavior and delivering remediation guidance at build time. TrojAI Defend is an AI application firewall that protects enterprises from run-time threats in real time.
By assessing the risk of AI model behavior during the model development lifecycle and protecting it at run time, we deliver comprehensive security for your AI models and applications.
Want to learn more about the TrojAI-OpenAI integration or how TrojAI secures the largest enterprises globally with a highly scalable, performant, and extensible solution?
Contact us at troj.ai now.
.png)
.png)
