Employees aren't just prompting AI anymore—they're uploading files. Darwin's File Upload Controls close this critical governance gap by giving agencies visibility into file uploads, detecting PII within documents, and enforcing policies based on tool trust levels. The result: secure AI adoption without slowing down the workforce.
.svg)
Across state and local government, employees are putting AI to work every day and increasingly, they're not just typing prompts. They're uploading files. Contracts, incident reports, citizen records, HR files, source code, all dragged and dropped straight into ChatGPT, Gemini, Claude, and Microsoft Copilot.
For security and compliance teams, that's a problem hiding in plain sight. Most data protection stops at the text prompt. The moment an employee uploads a file instead of typing, visibility ends—the file transfers instantly to an external system, and there's no record of what it contained. No checkpoint, no scan, no enforcement.
The result is a quiet gap in coverage: typed prompts are monitored, uploaded files are not. And an upload to an approved tool looks exactly the same as an upload to a shadow AI, both invisible. It's the fastest-growing unmonitored data channel in AI usage, and until now, it's been wide open.
Darwin's File Upload Controls close that gap. Security and compliance teams can now govern what files employees send to AI tools, blocking or warning based on how much the tool is trusted, and automatically detect PII inside the file content itself, with full evidence for investigation.
For years, the unspoken rule of data protection was simple: monitor what people type. But people don't only type. They upload. And every uploaded file that left for an external AI tool used to leave without a trace.
File Upload Controls extend enforcement to the upload itself, across the tools employees actually use, ChatGPT, Gemini, Claude, and Microsoft Copilot, and the formats sensitive data actually travels in, from PDFs and Word documents to spreadsheets, text, and Markdown. The channel that was invisible is now governed like everything else.
Not every upload carries the same risk, so not every upload should be treated the same way. An employee sending a file to a sanctioned, governed tool is a different situation from one sending the same file to an unvetted shadow app and File Upload Controls tell the difference.
Uploads to shadow and unauthorized tools can be blocked outright. Uploads to authorized tools can trigger a warning instead, letting work continue while keeping a record. An IT admin sets policy once, tiered by trust level, and enforcement matches the actual risk rather than applying one blunt rule to every tool.
Blocking the wrong uploads is only half the job. The other half is knowing what's actually in the files that move. File Upload Controls scan the content of uploaded files for PII, the same detection that protects typed prompts now reads inside the documents themselves.
A spreadsheet of citizen records, a contract with personal details, an HR file buried in a folder, Darwin sees the sensitive data inside before it reaches an external system, instead of treating every file as an opaque box.
When something sensitive does surface, compliance teams need to understand it, without creating a second exposure by passing the document around. File Upload Controls give investigators the full picture: what was found, where in the file, and which upload it came from, all without anyone needing to open or retrieve the original document.
A records manager can review exactly what triggered an alert and meet their data-handling obligations, with evidence rich enough to act on and contained enough to stay compliant.
State and local government agencies are under increasing pressure to show that AI is being used responsibly and that the data inside AI interactions is protected, whether it arrives as a prompt or a file.
File Upload Controls let agencies enable AI across their workforce with confidence, knowing sensitive files and personal data are governed, monitored, and protected. The blind spot is closed, the enforcement matches the risk, and operations don't slow down to make it happen.
Ready to close the file upload blind spot? Book a demo or reach out to your Darwin AI contact to get a walkthrough.
.png)
