Security

The Future is Now with Intelligent DLP

Identifying sensitive data accurately is critical for security teams. In this post, we explore how Riscosity’s Intelligent DLP improves on traditional detection methods to reduce false positives and save time.

Christopher Widstrom
Lead Product Manager at Riscosity
Published on
6/30/2025
6
min.

Historically, software vendors that detect various types of data in customers’ environments have relied heavily on rudimentary methods for identifying that data. One of the most popular methods for identifying the presence of any particular type of data is using regular expressions and, admittedly, Riscosity started off doing the same several years ago.

As we continued to test the accuracy of our findings and work with customers on their findings over the years, we found that relying heavily on pattern matching to find data types was insufficient. We discovered too many false positives and, given that we pride ourselves on providing accurate findings for our customers, we knew we needed to find a better way.

Fortunately, the ongoing maturation of AI provided us with the perfect opportunity to experiment and uncover whether AI could meaningfully improve the accuracy of our findings.

Regex vs Intelligent DLP

Let’s walk through an example of what a Riscosity finding looks like with only regular expression versus the same finding using AI assistance or Intelligent DLP as we like to call it here.

The following finding used regular expression and shows that Riscosity seems to have found a social security number and a password in the source file “dlp_test.txt” found in the “mini wats” repository:

The High confidence scores for these data types indicates that Riscosity was incredibly confident that a legitimate social security number and password is contained in that source file. 

So, a user ought to investigate this finding! Not so fast...let’s look at this finding when Riscosity uses Intelligent DLP:

Low confidence! This dramatically changes the approach users would take on this finding as it went from being a legitimate finding to a nearly guaranteed false positive. 

How do we know that Intelligent DLP made the right call? Let’s dig into the details, focus on the social security number, and see why it’s now Low confidence:

It seems that Intelligent DLP has determined that the social security number is actually just a variable name being used in a test. If this is true, then the regular expression likely matched on “ssn” in the code and assumed a social security number must be present. 

Let’s settle this once and for all by jumping to line 2 of the source file:

Sure enough, there are no social security numbers to be found here and we can even see evidence of this code being purely for testing purposes. Intelligent DLP made the right call and saved us from wasting time on what would have been a false positive. 

This example was just for 1 finding, so imagine the possibilities for 100s or 1000s of findings. This is the future of DLP.

Spend your time wisely with Riscosity

At Riscosity we are always experimenting with the latest technology in order to give organizations a comprehensive view of all of the sensitive data they are passing to third-party vendors.

By combining the ability to scan code, DNS logs, and real-time network traffic all powered by Intelligent DLP, Riscosity is the best tool in the market for controlling your data flows.

If you are interested in learning more about Riscosity and Intelligent DLP, book a demo today!