Skip to main content

    PII Scrubbing

    PII scrubbing detects and removes personally identifiable information — names, emails, and more — from prompts before they reach an LLM.

    Last updated:

    PII scrubbing is the practice of detecting personally identifiable information in text and neutralizing it before that text is sent somewhere it should not go — in the AI context, before a prompt reaches an external model provider. It is a core control for any organization whose users might paste customer records, health data, or credentials into an AI feature.

    Behest provides PII scrubbing through PII Shield, powered by Microsoft Presidio. It detects sensitive entities using named-entity recognition and regex patterns, and operates in three modes: disabled, shadow (log but allow), and enforce (actively protect). In enforce mode you choose the action per request: mask (reversible tokenization), redact (permanent removal), or block (reject the request entirely).

    Where it runs

    Scrubbing happens on the request path, before the prompt egresses to the model — so when you connect an external provider with your own key, only the scrubbed request leaves your boundary. Combined with self-hosted deployment, sensitive data can be processed inside your own infrastructure end-to-end.

    Frequently asked questions

    How does Behest handle PII?

    Behest includes PII Shield, powered by Microsoft Presidio. It operates in three modes: disabled, shadow (log but allow), and enforce (actively protect). In enforce mode, you choose from three actions: mask (reversible tokenization), redact (permanent removal), or block (reject the request entirely). PII is detected using named entity recognition and regex patterns before it ever reaches the LLM.

    See it in the product

    Related terms

    Enterprise AI Token FinOps: Enforce hard budgets and attribute costs per session.

    Learn more