Can we use Claude in the UAE without sending our data to Anthropic?

The answer is yes, but not the way most people think. You can't run Claude on premise. The model itself lives on Anthropic's infrastructure. But you can strip sensitive data from prompts before they ever reach Claude.

That's what we built. A layer that sits between the user and the model. It reads every prompt, identifies sensitive information, redacts or anonymizes it, then sends the cleaned version to Claude. The model never sees the original data. The response comes back clean.

From the user's perspective, they're using Claude normally. From Anthropic's perspective, they're seeing anonymized requests. From the compliance team's perspective, no regulated data left the UAE.

This is how enterprises will actually adopt AI. Not by replacing external models with worse local ones. By building infrastructure that makes external models compliant.

The future of enterprise AI is not model development. It's data governance infrastructure that makes any model safe to use.
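The redact-then-forward flow described in the post, as an added Python example (not the author's product or code). The detector patterns, the placeholder format and the `Redactor` class are assumptions made for illustration, and the sample prompt is constructed.

```python
import re

# Constructed detectors (assumptions): e-mail, UAE-style IBAN, +971 phone number.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "IBAN": re.compile(r"\bAE\d{2}(?: ?\d){19}\b"),
    "PHONE": re.compile(r"\+971[ -]?\d{1,2}[ -]?\d{3}[ -]?\d{4}\b"),
}

class Redactor:
    """Per-conversation placeholder map; it stays inside the gateway."""

    def __init__(self):
        self.forward = {}  # original value -> placeholder
        self.reverse = {}  # placeholder -> original value

    def _token(self, kind, value):
        # The same value always maps to the same placeholder, so the model
        # can still tell "same recipient" from "different recipient".
        if value not in self.forward:
            n = sum(t.startswith(f"<{kind}_") for t in self.reverse) + 1
            self.forward[value] = f"<{kind}_{n}>"
            self.reverse[self.forward[value]] = value
        return self.forward[value]

    def redact(self, prompt):
        for kind, pattern in PATTERNS.items():
            prompt = pattern.sub(lambda m, k=kind: self._token(k, m.group()), prompt)
        return prompt

    def leaked(self, outbound):
        # Fail-closed gate before the request leaves: known values or detector hits.
        hits = [v for v in self.forward if v in outbound]
        hits += [m.group() for p in PATTERNS.values() for m in p.finditer(outbound)]
        return hits

    def restore(self, response):
        # Re-insert originals locally; unknown placeholders are left untouched.
        return re.sub(r"<[A-Z]+_\d+>",
                      lambda m: self.reverse.get(m.group(), m.group()), response)

# Constructed sample prompt.
PROMPT = ("Email sara@example.ae and call +971 50 123 4567 about the refund "
          "to AE07 0331 2345 6789 0123 456. Cc sara@example.ae.")

if __name__ == "__main__":
    r = Redactor()
    outbound = r.redact(PROMPT)
    assert not r.leaked(outbound)  # block the request if anything is still detected
    print(outbound)
    print(r.restore("Draft sent to <EMAIL_1>; refund goes to <IBAN_1>."))
```

Anything the detectors do not match (a person's name, a deal description) passes through unchanged, so the outbound gate only proves the absence of what the patterns can see.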
Mihai Mărcuță The biggest enterprise AI challenge is increasingly becoming data governance and compliance, not model access.
Interesting! Happy to discuss more as we often get this type of question from our client.
So in the end, what this actually means is: instead of trusting Anthropic directly, we are now expected to trust an additional company in the middle. Because the core difference is not that the data suddenly stays fully local or that Claude runs privately on-premise. The difference is: your infrastructure now sees the raw data first before sending a modified version to Anthropic.😅
I understand your perspective (product-based) but local isn't always worse. That's not what the papers and research show, nor our work with teams at Nvidia, Qwen, and others, especially when CPT or RL post-training is undertaken for very specific domains or tasks. But even in these cases, a lot of businesses still call externally hosted open-source models, and data privacy laws still require some sort of anonymization/redaction just because of the mere fact of data leaving the premises, even if within the same organization. So your product, given that it accomplishes what it promises, can also bring value for these use cases.
the egress side is the actual hard problem. prompt sanitization on ingress is solvable — you're matching known PII patterns. but if the model's response reconstructs enough context to re-identify a client or a deal, you've still got exposure. running into this in regulated environments where obligations around transaction confidentiality don't care whether the data leaked on the way in or the way out.
However, we can use specialized models for data protection and PII handling, such as openai/privacy-filter, which helps detect and filter sensitive information to protect user privacy and prevent data leakage.
Curious to see how the anonymization can be guaranteed from a client perspective
I think it's a very old working model using differential privacy.
Curious to see how this handles edge cases and maintains response quality after the data is “cleaned.”