PII Scrubbing
PII scrubbing detects and removes personally identifiable information — names, emails, and more — from prompts before they reach an LLM.
Last updated:
PII scrubbing is the practice of detecting personally identifiable information in text and neutralizing it before that text is sent somewhere it should not go — in the AI context, before a prompt reaches an external model provider. It is a core control for any organization whose users might paste customer records, health data, or credentials into an AI feature.
Behest provides PII scrubbing through PII Shield, powered by Microsoft Presidio. It detects sensitive entities using named-entity recognition and regex patterns, and operates in three modes: disabled, shadow (log but allow), and enforce (actively protect). In enforce mode you choose the action per request: mask (reversible tokenization), redact (permanent removal), or block (reject the request entirely).
Where it runs
Scrubbing happens on the request path, before the prompt egresses to the model — so when you connect an external provider with your own key, only the scrubbed request leaves your boundary. Combined with self-hosted deployment, sensitive data can be processed inside your own infrastructure end-to-end.
Frequently asked questions
How does Behest handle PII?
Behest includes PII Shield, powered by Microsoft Presidio. It operates in three modes: disabled, shadow (log but allow), and enforce (actively protect). In enforce mode, you choose from three actions: mask (reversible tokenization), redact (permanent removal), or block (reject the request entirely). PII is detected using named entity recognition and regex patterns before it ever reaches the LLM.