PII redaction
Redact personally identifiable information before it reaches the model
To adhere to strict data residency laws (such as GDPR, HIPAA, and CCPA), sensitive Personally Identifiable Information (PII) must be shielded from third-party LLM environments. The Sentinel identifies and redacts PII before the prompt is forwarded to the upstream model.
This guardrail covers the following categories: email addresses, phone numbers, U.S. Social Security numbers (SSN), and credit card numbers.
Remediation action: Replace with {{REDACTED}} — The matched PII values are replaced with redaction placeholders before the prompt is forwarded to the LLM, allowing the request to proceed while protecting personal data.
Example interception
Inbound prompt from application:
"Please draft a follow-up email to our customer John Smith ([email protected], phone 415-555-0132) regarding his recent invoice sent to credit card number 4532-1234-5678-9010."
What the upstream LLM actually sees:
"Please draft a follow-up email to our customer John Smith ({{REDACTED}}, phone {{REDACTED}}) regarding his recent invoice sent to credit card number {{REDACTED}}."
The customer name is left intact — the current release detects emails, phone numbers, SSNs, and credit card numbers, not free-text names.
