QommonsAI Implements Three-Layer Defense: Automatic Personal Information Detection, Forbidden Word Blocking, and Detection Logs — Realizing Municipal Information Governance with AI: 'Encouraging Use While Preventing Leaks'

Polimill Inc. (Headquarters: Minato-ku, Tokyo; CEOs: Ayame Ito / Nonoka Taniguchi), a leader in administrative AX, announces that its generative AI for government, 'QommonsAI,' will launch new features on April 1, 2026, to provide multi-layered prevention against the accidental input of confidential information: 'Automatic Personal Information Detection,' 'Forbidden Word Blocking,' and 'Detection/Blocking Logs.' Multi-layered prevention of accidental input of confidential information

'Multi-layered Information Governance' that elevates rule effectiveness from 'paper regulations' to 'technical mechanisms' As the adoption of generative AI accelerates in municipalities across Japan, it has become crucial to implement internal information management rules as a system to promote utilization and create an environment where staff can use AI without hesitation. While many municipalities have established guidelines for generative AI usage, operations often rely on the individual awareness of staff. By elevating the effectiveness of rules from 'paper regulations' to 'technical mechanisms,' staff can fully utilize generative AI with peace of mind, without feeling excessive burden regarding information management. With the implementation of this three-layer defense—'Automatic Personal Information Detection,' 'Forbidden Word Blocking,' and 'Detection/Blocking Logs'—QommonsAI has created an environment that 'prevents leaks at the system level without relying on the judgment of individual staff members.' This allows municipalities to balance the conflicting requirements of 'wanting to encourage use' while 'ensuring no leaks occur,' enabling the safe promotion of generative AI utilization. What are Personal Information Alerts and Forbidden Word Settings? This feature displays warnings or blocks transmission to the AI when input containing personal information or forbidden words is detected. Overview of the Three-Layer Defense QommonsAI's information governance feature prevents the leakage of confidential information through a three-stage process: 'Detection → Blocking → Recording.' Layer 1: Automatic Personal Information Detection — AI monitors input content in real-time Personal information patterns are automatically detected the moment staff enter a prompt. The action taken upon detection can be configured individually based on the type of confidential information, choosing between 'Warning Only' (alerting the staff and leaving the decision to send to them) and 'Transmission Block' (blocking the transmission to the AI entirely). For example, administrators can flexibly configure operational rules via the settings screen, such as 'Block My Number immediately, but display a warning for names and leave the decision to the staff.' This realizes practical governance tailored to actual business operations. Layer 2: Forbidden Word Blocking — Implementing organization-specific rules into the system Administrators can register over 100 custom forbidden words. Inputs containing registered terms are blocked from being sent to the AI entirely, preventing them at the system level without requiring staff judgment. Administrators can flexibly register organization-specific confidential information that cannot be captured by personal information patterns alone—such as names of undisclosed policy projects, facility names under internal review, or personnel-related proper nouns—as protected targets. This goes beyond simply stating 'do not input XX' in guidelines, by forcibly enforcing it within the system.