CodePrism

Coding on encrypted code.

Work on your code. Without ever decrypting it.

CodePrismZERO EXPOSURE CODE
WHAT YOU SEEyour machine
auth.py
full Copilot-class assist
WHAT THE AI SEESprovider side
buffer · FHE
COMPUTING ON CIPHERTEXT…
🔒 0 bytes plaintext · ever
CIPHERTEXT CROSSES · PLAINTEXT DOESN'T
◈8⌗A4§f
TAB · ACCEPTED ✓
suggestions 24 accepted 19 plaintext sent 0 B
mathematical proof, not policy promises ✓
Copilot-class assist. The provider never sees your code.

The problem

To let AI review your code, you usually have to hand it your code.

Source, secrets, and proprietary logic get uploaded to a tool you have to trust not to keep them. A retention promise is not a guarantee. It is a hope with a lawyer attached.

Mirror restores Encryption · FHE · code it can never see.

The flow

The plaintext never leaves your machine. Period.

Encrypt locally

keys stay with you

your machine

Send ciphertext

no plaintext in transit

Reason on ciphertext

FHE inference

Decrypt locally

only on your machine

your machine

In your workflow

Encrypt locally. Review on ciphertext. Decrypt only on your machine.

  • keys never leave your laptop
  • the model reasons on ciphertext (FHE)
  • revoke a key and the data goes dark
codeprism · zsh
$ codeprism seal ./src --key ~/.cp/key     # keys stay with you
   482 files sealed · plaintext never left your machine

$ codeprism review --model gpt-4o           # FHE · reasons on ciphertext
   7 AI-code risks found · 0 plaintext exposed

$ codeprism reveal report.cpx                # decrypt locally
   opened on this device only

Capabilities

IDE. CLI. CI. Your network. Same encryption, every surface.

Same encryption, every surface

IDE

VS Code · JetBrains · Cursor

CLI

codeprism · scriptable · headless

CI/CD

GitHub Actions · GitLab CI

Self-hosted runtime

VPC · air-gapped · sovereign

encrypted on every surface a developer touches

Why it can't be retrofitted

Three pillars. None of them retrofittable to a plaintext tool.

A plaintext code tool

  • Trusts a retention promise, not math
  • Generic SAST, blind to AI-code risks
  • Revoke access and hope it's deleted
  • Telemetry happens on plaintext code
  • Compliance is a checkbox, not a proof

CodePrism

  • Cryptographic enforcement, not policy promises
  • Built for AI-code risks, not generic SAST
  • Rotate the key, the data goes dark instantly
  • Plaintext never leaves your machine
  • Compliance evidence an auditor can verify, end to end

Frequently asked

Questions, answered

What's the actual risk with AI coding assistants like Copilot or Cursor today?
AI coding assistants require transmitting entire code files, including API keys, proprietary algorithms, and architecture details, to remote servers with every suggestion. Source code leaves the customer's environment constantly, creating an active IP exfiltration risk. Real-world incidents have demonstrated proprietary code and credentials surfacing in AI model outputs. For financial services, defence contractors, and healthcare organizations, this risk has forced blanket bans on AI coding tools, sacrificing developer productivity to avoid the security liability.
How does CodePrism fix the exposure problem?
CodePrism applies FHE at the IDE boundary, encrypting code before it leaves the workstation so AI coding assistants process ciphertext, never plaintext. The provider sees only encrypted data; source code, API keys, and proprietary algorithms remain cryptographically protected end to end. This is a mathematical guarantee, not a contractual assurance: even if the provider's infrastructure is compromised, there is no plaintext to expose. CodePrism is the first zero-exposure coding assistant built on Mirror's FHE engine, optimized for AI workloads.
Does encrypted code mean the AI assistant is less helpful or less accurate?
FHE allows the model to perform the same computation on encrypted inputs that it would on plaintext. Code suggestions, completions, and security scans are generated with full fidelity. CodePrism preserves the complete functionality of AI coding assistance while eliminating data exposure at the provider layer. Mirror's FHE engine is tuned for AI workloads, achieving production-grade performance without the accuracy degradation unoptimized FHE implementations can introduce.
What IDE does CodePrism work with?
CodePrism is built for VS Code today and operates as a full IDE security boundary, not just encrypted transport. Plaintext (prompts, files, tool calls, responses, and telemetry) stays on the developer's workstation; everything transmitted to providers is ciphertext. CodePrism applies the same security model as the rest of the Mirror platform: secrets controls, policy enforcement via AgentIQ, tool approvals, MCP-aware validation, and auditable signed actions.
We've considered just banning AI coding tools. Why is CodePrism a better answer?
CodePrism decouples developer productivity from security risk. Developers get full AI coding assistance while the security team gets cryptographic proof that source code never left the workstation in plaintext. For regulated environments under GDPR, HIPAA, SOC 2, or defence contractor IP requirements, CodePrism makes AI coding assistants deployable where they were previously off-limits. The choice between productivity and protection stops being a choice.
How does CodePrism fit into our broader Mirror Security posture?
CodePrism routes through Mirror Gateway and inherits the full Mirror policy and audit infrastructure. AgentIQ policies govern coding assistant behavior: which tools the assistant can invoke, which data it can access, which actions require human approval. DiscoveR can adversarially test the CodePrism deployment against OWASP LLM Top 10 and MITRE ATLAS attack vectors. The developer environment operates under the same cryptographic guarantees, policy enforcement, and signed audit trails as production AI systems, not a weaker link that bypasses enterprise security.

Get started

See encrypted AI security in action.

FHE-native inference. Runtime agent guardrails. Continuous red teaming. One platform. Book a working session with the team.

Six layers. One agent estate.

Every Mirror product is one layer of the same surface. Adopt one, or stack them.

VectaX

AI Data Security

Encrypt context, prompts, embeddings, and inference output end-to-end. AI keeps working on data that's mathematically guaranteed to stay private.

Explore VectaX

DiscoveR

Vulnerability Scanning

Hunt prompt injection, model leaks, and AI-specific zero-days as they emerge across every model, agent, and integration in your stack.

Explore DiscoveR

AgentIQ

AI Agent Security

Watch every action, tool call, and decision from your agents. Anomaly alerts, automated response, and a full audit trail built for compliance.

Explore AgentIQ

Zero

AI Governance

The agent estate, governed. Discovers every AI agent (sanctioned or shadow) and runs the four governance workflows.

Explore Zero

Gateway

AI Gateway

Inspect, authenticate, and throttle traffic before it reaches your models. Prompt firewall, edge auth, and policy enforcement with an audit trail at the door.

Explore Gateway

CodePrism

AI Coding

Coding on encrypted code. Coding assistance, indexing, review, and security scans, all on ciphertext.

Explore CodePrism