QommonsAI Introduces Three-Layered Defense with Automatic Personal Information Detection, Forbidden Word Blocking, and Detection Logs – Realizing AI-Powered Information Governance for Local Governments with "We Want You to Use It, But Don't Let It Leak"

Polimill Inc. (Headquarters: Minato-ku, Tokyo; Representatives: Ayame Ito / Nonoka Taniguchi), a top runner in administrative DX, is pleased to announce that with the update scheduled for April 1, 2026, its generative AI for government, "QommonsAI," will begin offering "Automatic Personal Information Detection," "Forbidden Word Blocking," and "Detection/Blocking Logs" features to prevent the unintentional input of confidential information in multiple layers.

"Multilayered Information Governance Features" that Elevate Rule Effectiveness from "Paper Regulations" to "Technical Mechanisms"

As the adoption of generative AI accelerates in local governments nationwide, it is becoming increasingly important to implement information management rules within the system and create an environment where employees can use AI without hesitation to further promote its utilization. Many local governments have established guidelines for generative AI use that specify precautions for input, but in many cases, their implementation relies on the awareness of individual employees. By elevating the effectiveness of rules from "paper regulations" to "technical mechanisms," employees can fully utilize generative AI with peace of mind, without feeling an excessive burden on information management.

With the introduction of three-layered defense of "Automatic Personal Information Detection," "Forbidden Word Blocking," and "Detection/Blocking Logs," QommonsAI has created an environment that "prevents leaks as a system, without relying on the judgment of each individual employee." This allows local governments to balance the conflicting demands of "wanting to use it, but not letting it leak," and to promote the utilization of generative AI with confidence.

What are Personal Information Alerts / Forbidden Word Settings?

These features detect input containing personal information or forbidden words and either display a warning or block transmission to the AI.

Overview of Three-Layered Defense

QommonsAI's information governance features prevent the leakage of confidential information in three stages: "Detection → Blocking → Recording."

Layer 1: Automatic Personal Information Detection – AI Monitors Input in Real-Time

Personal information patterns are automatically detected at the moment an employee inputs a prompt.

The action upon detection can be individually set to either "Warning Only (alerts the employee, leaving the decision to send to the employee)" or "Transmission Block (blocks transmission to the AI itself)," depending on the type of confidential information.

For example, administrators can flexibly configure phased operational rules, such as "Immediately block My Number, display a warning for names and leave it to employee discretion," from the settings screen. This enables realistic governance that aligns with actual business operations.

Layer 2: Forbidden Word Blocking – Implementing Organization-Specific Rules in the System

Administrators can register 100 or more arbitrary forbidden words. Input containing registered words is blocked from transmission to the AI itself, and is blocked at the system level without employee intervention.

This allows for flexible protection of organization-specific confidential information that cannot be captured by personal information patterns alone – such as names of non-public policy projects, facility names under internal review, or proper nouns related to personnel – at the administrator's discretion.

This goes beyond simply stating "XX is prohibited from input" in the guidelines, by enforcing it within the system...