What to Do When Zeuslock Blocks a Prompt

A friendly walkthrough for end users: how to read the Zeuslock block modal, three safe ways to keep working, and worked examples for AWS keys, PII and source code.

You hit a block — here is what just happened

When Zeuslock blocks one of your prompts, it is not a punishment. It means the prompt contained something your organisation has decided should not leave the company perimeter — typically a credential, personal data about a customer, or a piece of source code that is considered confidential. The block runs on your machine, before anything is sent to ChatGPT, Claude, Gemini or any other AI tool, so the sensitive content never actually leaves your laptop.

You will see a modal appear over the AI chat window. It always shows the same three pieces of information so you can understand the decision in a few seconds:

  • Rule name — the policy that fired, for example AWS Access Keys or Customer PII.
  • Sensitive type detected — the data category Zeuslock recognised, such as api_key, email, credit_card or source_code.
  • Snippet of the triggering content — a short excerpt of your prompt with the offending part highlighted, so there is no guessing about which line caused the block.

A typical block reason reads like this: "AWS access key detected — sending to ChatGPT is blocked by your organisation's policy." Read it once, then pick one of the three safe paths below.

Three safe paths forward

  1. Rewrite without the sensitive value. Replace the real secret or personal detail with a placeholder such as <ACCESS_KEY>, <CUSTOMER_EMAIL> or <PROJECT_NAME>. Describe the structure if it matters ("a 20-character AWS key starting with AKIA"). When you need realistic-looking input, ask the AI to generate fake test data for you instead of pasting real production values.
  2. Use Zeuslock's anonymize-and-send. If your organisation allows user-driven anonymisation, the modal will offer an Anonymise and send button. Clicking it lets Zeuslock replace the sensitive parts with format-preserving fake values — for example a structurally valid fake credit card — and then forward the cleaned prompt. The AI sees a coherent question; you see the original answer mapped back.
  3. Request an exception. If the prompt really does need to go through unchanged (for example, a one-off support case agreed with your security team), use the Request review button. You add a short justification, and a ticket is sent to the security team in the Operator Console. They can grant a one-time bypass without you having to leave the chat window.

Worked examples

Example 1 — Debugging an AWS error

Original prompt: "Can you debug this AWS error?" followed by a full Python traceback that contains AKIAIOSFODNN7EXAMPLE and the matching secret. Zeuslock blocks it because of the api_key detector.

Safe rewrite:

Can you debug this AWS error? I've replaced the access key with <ACCESS_KEY>
and the secret with <SECRET_KEY>. The traceback is below.

The AI still has everything it needs — the stack trace, the SDK call, the region — and your real credentials stay on your machine. Rotate the key anyway, because pasting it into a chat window is a strong signal it ended up in places you do not want.

Example 2 — Summarising a customer email

Original prompt: "Summarise this customer email" followed by the full message including the customer's name, postal address and phone number. Zeuslock blocks it because of the email, phone and address detectors.

You have two good options. Either rewrite manually — replace names with <CUSTOMER>, addresses with <CITY> — or click Anonymise and send if your policy allows it. The summary you get back is the same; only the personal details are protected.

Example 3 — Source code with a hard-coded secret

If you are about to ask the AI to review a file that contains a hard-coded secret, run a quick local secret scan first (the Zeuslock CLI does this in seconds), remove the secret, then send the cleaned version. This habit pays off even outside the chat window — the same scan catches secrets before they reach a commit.

What not to do

Please do not work around the block. A few habits look harmless but cause real problems:

  • Do not disable the Zeuslock extension to "just send it this once". The block is recorded; the workaround is recorded too.
  • Do not copy the prompt into a personal browser profile or a private device.
  • Do not email the prompt to yourself to send it later from home.

All three break the audit trail your security team relies on and may breach your acceptable-use policy. The three safe paths above exist precisely so you do not have to.

Where to learn more

For deeper guidance, see the User Guide section of these docs, and ask your security or IT team for a copy of your organisation's AI acceptable-use policy. It will tell you which detectors are set to Block, which are set to Anonymise, and who reviews exception requests.