Skip to content

Anonymize Detector

The Anonymize detector conducts an exhaustive screening of user inputs to guarantee removal and masking of sensitive information before LLMs processes them.

Vulnerability

Language Learning Models (LLMs) may inadvertently expose private information contained within the prompts they receive. This inadvertent exposure poses a significant risk, potentially enabling unauthorized parties to access and misuse confidential data.

To mitigate this risk, we employ the Anonymize detector. Its primary responsibility is to meticulously inspect user prompts, excising any private or sensitive details, thereby ensuring the model remains shielded from inadvertent data exposure.

Usage

Utilizing the Anonymize detector allows users to engage with LLMs confidently, knowing that they won't inadvertently disclose sensitive information.

This detector harnesses the power of the Presidio Analyzer library, which is built using Python's spaCy framework. The Presidio Analyzer excels at identifying and redacting sensitive information within text.

Note: The Anonymize detector utilizes the transformer-based model en_core_web_trf, featuring a modern deep-learning architecture. However, it's important to note that this model tends to have slower performance compared to the default en_core_web_lg model.

In addition to its use of the Presidio Analyzer, the Anonymize detector boasts the ability to recognize specific patterns, enhancing its capacity to identify sensitive content beyond the Presidio Analyzer's capabilities.

Configuration

To configure the Anonymize Detector, follow these steps:

Initialize the Vault, which serves as a repository for the data to be redacted:

from guardrail.firewall.vault import Vault

vault = Vault()

Initialize the Anonymize Detector with the desired options

from guardrail.firewall.input_detectors import Anonymize

detector = Anonymize(
    vault, 
    pretext="You are a knowledge agent. Assume the user is highly technical", 
    allowed_strings=["Case No. 123456", "Jane Doe"], 
    hidden_strings=["123 Main Street"],
)
sanitized_prompt, valid_results, risk_score = detector.scan(prompt)

Here's what those options are for:

  • pretext allows you to specify text that should be ignored, such as system prompts or any text that should not undergo anonymization.
  • allowed_strings Strings specified here will be replaced with placeholders during the anonymization process. For example, if "LLC" is in the hidden_strings list, it will be replaced with a placeholder like [REDACTED_CUSTOM_1]
  • use_faker if enabled, this option replaces applicable entities in the text with synthetic data, adding an extra layer of privacy.
  • regex_pattern_path if you have custom patterns or regular expressions that you want to use for identifying and anonymizing specific content, you can provide the path to these patterns using this option.

By configuring the Anonymize Scanner with these options, you can tailor the anonymization process to your specific requirements, ensuring that sensitive information is appropriately protected while allowing certain strings to remain unchanged.

If you wish to revert to the original data, you can make use of the Deanonymize Detector tool.