
LLM Data Redaction: What Gets Caught and What Doesn't

Paste any text into the sandbox below, toggle filter packs on and off, and watch Shield's local redaction engine identify and mask sensitive data in real time. Every redacted match comes with an explanation of why it was caught — and what regex alone would miss.

How Shield's Filter Packs Work

Shield ships four filter packs, each covering a different class of sensitive data. All enabled packs run on every outgoing API call, and you can toggle each one independently. A match from any pack triggers redaction before the request leaves your machine.

PII / PHI

Personally Identifiable Information and Protected Health Information — names, emails, SSNs, phone numbers, physical addresses, dates of birth, medical record numbers.

Secrets & Tokens

API keys, auth tokens, connection strings, private keys, and any high-entropy strings that look like machine-generated secrets.

Cloud Credentials

AWS access keys, GCP service account keys, Azure connection strings, and other cloud provider credentials that grant infrastructure access.

Custom / Advanced

Credit card numbers, IP addresses, internal project codes, and custom regex patterns configured per deployment. Shield lets you define your own sensitive data patterns.

Interactive Redaction Sandbox

Redacted Output (7 matches found)
Can you review this config? My email is ████████████████ and the API key is ████████████████████████████████████████████████████████. The database is at █████████████████████████████████████████████████████████████████████████ My personal phone is ██████████████ and the AWS key is ████████████████████. Please check if the security groups at █████████ allow inbound on port 443. Our Jira ticket █████████ tracks the deployment. SSH key fingerprint starts with 2f:3a:8b:...

Match Details (why each was caught)

[PII / PHI] dev@acmecorp.com: Email Address
[Secrets & Tokens] sk-proj-abc123def456ghi789jkl012mno345pqr678stu901vwx234: High-Entropy String
[Cloud Credentials] mongodb://admin:SuperSecret123!@db.internal.acmecorp.com:270...: Database Connection String
[PII / PHI] (415) 555-0187: Phone Number (US/CA)
[Cloud Credentials] AKIAIOSFODNN7EXAMPLE: AWS Access Key ID
[Custom / Advanced] 10.0.1.50: IPv4 Address
[Custom / Advanced] PROJ-4817: Jira / Linear Issue Key
Matches by pack: PII / PHI 2, Secrets & Tokens 1, Cloud Credentials 2, Custom / Advanced 2.
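As an added illustration (not Shield's engine or its actual patterns), the layered matching described above can be reproduced in a few dozen lines: each pack is a list of patterns, every pack runs over the text, overlapping hits are resolved, and each chosen span is masked with block characters. The regexes approximate the Filter Pack Reference entries on this page, the sample prompt is reconstructed from the sandbox's Match Details (the tail of the connection string is invented), and the pattern an engine attributes a hit to may differ from the sandbox's labels:

```python
import re
from collections import Counter

# Illustrative filter packs in the order this page lists them. The regexes
# approximate the reference entries further down; they are NOT Shield's rules.
PACKS = [
    ("PII / PHI", "Email Address",
     re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\b")),
    ("PII / PHI", "US Social Security Number", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PII / PHI", "Phone Number (US/CA)",
     re.compile(r"(?<!\d)(?:\+1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")),
    ("Secrets & Tokens", "OpenAI API Key", re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{32,}")),
    ("Secrets & Tokens", "GitHub Token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("Secrets & Tokens", "Bearer / Auth Token",
     re.compile(r"(?i)\b(?:bearer|authorization:)\s+[A-Za-z0-9._~+/=-]{16,}")),
    # Length-and-charset catch-all for secrets whose format has no dedicated regex.
    ("Secrets & Tokens", "High-Entropy String",
     re.compile(r"(?<![A-Za-z0-9_-])[A-Za-z0-9_-]{40,}(?![A-Za-z0-9_-])")),
    ("Cloud Credentials", "AWS Access Key ID", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("Cloud Credentials", "Database Connection String",
     re.compile(r"\b(?:mongodb(?:\+srv)?|postgres(?:ql)?|mysql|redis|amqp)://"
                r"[^\s/:@]+:[^\s@]+@[^\s,;]+")),
    ("Custom / Advanced", "IPv4 Address",
     re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")),
    ("Custom / Advanced", "Jira / Linear Issue Key", re.compile(r"\b[A-Z][A-Z0-9]{1,9}-\d+\b")),
]


def find_matches(text):
    """Run every pattern of every pack, then resolve overlaps: earliest start wins,
    the longest match wins on equal starts, and on identical spans the pack listed
    first keeps the label (so a prefix regex beats the entropy catch-all)."""
    hits = []
    for pack, name, rx in PACKS:
        for m in rx.finditer(text):
            hits.append((m.start(), -m.end(), pack, name, m.group(0)))
    hits.sort(key=lambda h: (h[0], h[1]))  # stable sort: pack order kept on ties
    chosen, cursor = [], 0
    for start, neg_end, pack, name, value in hits:
        if start < cursor:  # overlaps a span that is already claimed
            continue
        chosen.append({"start": start, "end": -neg_end, "pack": pack, "type": name, "value": value})
        cursor = -neg_end
    return chosen


def redact(text, mask="█"):
    """Replace each chosen span with block characters of the same length, as the
    sandbox output above does, and return (redacted_text, matches)."""
    matches, out, last = find_matches(text), [], 0
    for h in matches:
        out.append(text[last:h["start"]])
        out.append(mask * (h["end"] - h["start"]))
        last = h["end"]
    out.append(text[last:])
    return "".join(out), matches


def pack_counts(matches):
    return dict(Counter(h["pack"] for h in matches))


# Constructed sample prompt: the sandbox text above with the masked values filled
# back in from its Match Details (the tail of the connection string is invented).
SAMPLE_PROMPT = (
    "Can you review this config? My email is dev@acmecorp.com and the API key is "
    "sk-proj-abc123def456ghi789jkl012mno345pqr678stu901vwx234. The database is at "
    "mongodb://admin:SuperSecret123!@db.internal.acmecorp.com:27017/prod "
    "My personal phone is (415) 555-0187 and the AWS key is AKIAIOSFODNN7EXAMPLE. "
    "Please check if the security groups at 10.0.1.50 allow inbound on port 443. "
    "Our Jira ticket PROJ-4817 tracks the deployment. SSH key fingerprint starts with 2f:3a:8b:..."
)

if __name__ == "__main__":
    redacted, matches = redact(SAMPLE_PROMPT)
    print(redacted)
    for h in matches:
        print(f"[{h['pack']}] {h['value']}: {h['type']}")
    print(pack_counts(matches))  # the fingerprint 2f:3a:8b:... is NOT caught
```

Running it prints the masked prompt and seven matches with the same per-pack counts as the sandbox, and leaves the SSH fingerprint 2f:3a:8b:... untouched. That is the "what doesn't get caught" half of the title: a colon-separated hex fingerprint matches none of the built-in packs, so it only gets redacted if you add a custom pattern for it.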

Filter Pack Reference

PII / PHI pack

Email Address
Matches RFC 5322-style address syntax (local part, @, dotted domain). High precision: very few false positives on well-formed addresses. A full RFC 5322 grammar is not practical in one regex, so unusual quoted or bracketed forms may be missed.
US Social Security Number
Matches the ###-##-#### format with word boundaries, the most common way an SSN appears in text. Nine digits written without separators look like any other number and are not matched by this pattern.
Phone Number (US/CA)
Matches (555) 123-4567, 555-123-4567, +1 555 123 4567, and 5551234567 formats.
Physical Address Lines
Matches US street addresses (number + name + suffix). Moderate precision — may match non-address text with similar structure.

Secrets & Tokens pack

OpenAI API Key
Matches OpenAI-style keys: an sk- prefix followed by 32 or more alphanumeric characters, including the sk-proj- variant used by newer OpenAI projects.
GitHub Personal Access Token
Matches GitHub's prefixed token formats: ghp_ (classic personal access tokens), gho_ (OAuth tokens), ghu_ and ghs_ (GitHub App user and installation tokens), and ghr_ (refresh tokens), each with a 36+ character body. High confidence, with very few false positives, because the prefix is distinctive.
Bearer / Auth Token
Matches tokens in common header/assignment formats. Essential for catching the 'I pasted credentials into a prompt' scenario — the most common customer data leak pattern.
High-Entropy String
Length-and-complexity catch-all for any alphanumeric token of 40 or more characters. This is where a heuristic beats a fixed regex: a secret in a format Shield has no prefix pattern for is still caught by its length and character mix. Expect more false positives than the prefix patterns, since hashes, base64 blobs and long identifiers have the same shape; that is what allowlisting is for.

Cloud Credentials pack

AWS Access Key ID
Matches standard IAM user access keys (AKIA prefix + 16 uppercase alphanumeric chars). Also catches ASIA (temporary STS keys).
AWS Secret Access Key
Matches 40-character base64-alphabet strings, the shape of an AWS secret access key. On its own that shape is weak evidence (hashes and blobs look the same), so a candidate is reported with higher confidence when an Access Key ID is also detected nearby.
GCP Service Account Key
Matches the private_key_id field that is part of every GCP service account JSON key file: a 40-character hexadecimal string (not a UUID). The PEM-encoded private_key in the same file is the kind of private key the Secrets & Tokens pack covers.
Database Connection String
Matches database connection URIs with embedded credentials. These often contain usernames and passwords in the URL itself — a single prompt paste leaks an entire database.
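An added example (not Shield's engine) of the corroboration idea in the AWS Secret Access Key entry: a 40-character base64-alphabet string is scored by Shannon entropy, low-entropy padding is dropped, and a high-entropy candidate is only reported as high confidence when an AKIA/ASIA key ID sits within a window of characters. The entropy threshold, the window size and the three sample snippets are assumptions made here; the key pair is the placeholder pair AWS uses in its own documentation.

```python
import math
import re
from collections import Counter

ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Exactly 40 characters from the base64 alphabet, not embedded in a longer run:
# the shape of an AWS secret access key, but also of many hashes and blobs.
SECRET_CANDIDATE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")


def shannon_entropy(s):
    """Bits per character. A uniformly random 40-char string tops out near 5.3;
    repeated padding or placeholder text scores far lower."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_aws_secrets(text, window=400, min_entropy=3.5):
    """Report secret-key candidates with a confidence label (thresholds are assumptions):
    - dropped: entropy below min_entropy (padding, placeholders, repeated characters)
    - low:     high entropy but no access key ID nearby (could be a hash or digest)
    - high:    high entropy AND an AKIA/ASIA key ID within `window` characters"""
    key_ids = [m.span() for m in ACCESS_KEY_ID.finditer(text)]
    results = []
    for m in SECRET_CANDIDATE.finditer(text):
        value = m.group(0)
        ent = shannon_entropy(value)
        if ent < min_entropy:
            continue
        # gap between the candidate and the nearest key ID, in characters
        corroborated = any(min(abs(ks - m.end()), abs(m.start() - ke)) <= window
                           for ks, ke in key_ids)
        results.append({"value": value, "entropy": round(ent, 2),
                        "confidence": "high" if corroborated else "low"})
    return results


# Constructed samples. The key pair is the placeholder pair from AWS documentation.
LEAKED_CONFIG = (
    "[default]\n"
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
)
LONE_BLOB = "artifact digest: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn (build 42)"
PADDING = "placeholder: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

if __name__ == "__main__":
    for label, sample in [("leaked", LEAKED_CONFIG), ("lone", LONE_BLOB), ("padding", PADDING)]:
        print(label, find_aws_secrets(sample))
```

The three samples show the three outcomes: the config file yields one high-confidence hit, the lone digest has the right shape and entropy but no key ID to corroborate it, and the run of A's never gets past the entropy check. In a redaction pipeline the low-confidence case is the one to route through allowlisting rather than silently mask.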

Custom / Advanced pack

Credit Card Number (Luhn-valid)
Matches Visa, Mastercard, Amex, and Discover card numbers. Shield can optionally validate with Luhn checksum for higher precision.
IPv4 Address
Matches valid IPv4 addresses. Critical for financial services and healthcare where internal network topology is sensitive.
Jira / Linear Issue Key
Matches project issue keys like PROJ-1234 or SEC-567, so internal project context and task discussions are not leaked to a third-party model or its training data.
Custom Regex (user-defined)
Placeholder for any custom regex pattern. Shield supports arbitrary regex patterns — company project codes, internal filenames, proprietary identifiers. Define once, protect everywhere.
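An added example (not Shield's code) of the optional Luhn validation in the Credit Card Number entry, combined with an allowlist of the kind the tuning FAQ below describes: a card-shaped number must fit an issuer's prefix and length, pass the Luhn checksum, and not be one of the well-known test numbers from payment-provider documentation. The brand ranges, the allowlist contents and the sample sentence are assumptions made here.

```python
import re

# 13 to 19 digits, optionally grouped with spaces or hyphens, not part of a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Issuer prefix/length ranges, applied to the digits with separators removed.
BRANDS = [
    ("Visa", re.compile(r"^4\d{12}(?:\d{3}){0,2}$")),
    ("Mastercard", re.compile(r"^(?:5[1-5]\d{2}|222[1-9]|22[3-9]\d|2[3-6]\d{2}|27[01]\d|2720)\d{12}$")),
    ("Amex", re.compile(r"^3[47]\d{13}$")),
    ("Discover", re.compile(r"^(?:6011|65\d{2}|64[4-9]\d)\d{12}$")),
]

# Well-known test numbers from payment-provider docs: checksum-valid, but not a leak.
TEST_CARD_ALLOWLIST = frozenset({"4111111111111111", "5555555555554444",
                                 "378282246310005", "6011111111111117"})


def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, subtract 9 from any
    doubled value above 9, and require the total to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text, require_luhn=True, allowlist=TEST_CARD_ALLOWLIST):
    """Return card-shaped numbers that (1) fit a brand's prefix and length, (2) pass
    Luhn when require_luhn is set, and (3) are not allowlisted."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        brand = next((b for b, rx in BRANDS if rx.match(digits)), None)
        if brand is None:
            continue
        if require_luhn and not luhn_valid(digits):
            continue
        if digits in allowlist:
            continue
        hits.append({"value": m.group(0), "digits": digits, "brand": brand})
    return hits


# Constructed sample: one real-looking Visa (Luhn-valid), one documentation test card
# (Luhn-valid but allowlisted), and one Visa-shaped number that fails the checksum.
SAMPLE = ("Customer card 4242 4242 4242 4242 was declined. The docs use 4111 1111 1111 1111 "
          "as the example, and order ref 4000 1234 5678 9010 is just an internal ID.")

if __name__ == "__main__":
    print("strict:", find_cards(SAMPLE))
    print("regex only:", find_cards(SAMPLE, require_luhn=False, allowlist=frozenset()))
```

With the regex alone all three numbers are flagged; with the checksum the internal order reference drops out, and with the allowlist the documentation card drops out too, leaving only the number that actually looks like a customer's card. That is the precision trade the entry above describes, and the allowlist is the knob to turn when a legitimate prompt keeps tripping a pattern.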

Frequently Asked Questions

What kinds of sensitive data can Shield redact?
Shield can redact PII (names, emails, SSNs, phone numbers, addresses), PHI (medical record numbers, dates of birth, insurance IDs), secrets (API keys, tokens, passwords), cloud credentials (AWS, GCP, Azure keys, database connection strings), and custom patterns you define. It uses a four-layer detection stack: regex for known formats, entropy analysis for unknown tokens, keyword matching for labeled secrets, and custom user-defined patterns. All redaction happens locally on your machine before any data leaves your device.
Does any of my data leave my machine?
No. Shield is a local desktop application that runs entirely on your machine. Redacted content is replaced with block characters (████) in the outgoing API request. The original sensitive data never leaves your device and is never stored, logged, or cached by Shield. There is no cloud component, no telemetry, and no configuration that sends data off-device. This is architecturally different from SaaS-based guardrails, which necessarily see your plaintext.
Can I define my own patterns for proprietary data?
Yes. Shield's filter pack system includes a fully configurable custom pattern engine. You define regex patterns matching your proprietary data (project codes, internal filenames, customer IDs, proprietary identifiers) and Shield applies them alongside the built-in packs. Patterns are stored locally in your Shield configuration and never shared. Enterprise deployments can push standard patterns across their fleet.
How much latency does redaction add?
Very little. For typical prompt sizes (a few thousand tokens), redaction adds 5-15 milliseconds, which is imperceptible to users. The cost is regex scanning, which is native and fast in the Rust-based engine. Even on large codebases or chat histories the latency impact is sub-second. Shield runs as a local sidecar, not a network proxy, so there is no additional network hop.
Can I tune the filters to reduce false positives?
Yes. Each filter pack can be toggled on or off per deployment, and within packs individual patterns can be disabled or tuned. Shield also supports allowlisting: you can specify strings, patterns, or context rules that override detection. The goal is to catch real secrets without blocking legitimate prompts. Shield's transparency feature shows you exactly what was redacted and why, so you can tune your configuration based on actual usage.
How is Shield different from prompt injection guards or content moderation APIs?
Prompt injection guards block malicious instructions; Shield redacts sensitive data. They solve different problems. Content moderation APIs (like OpenAI's moderation endpoint) classify toxicity, not data sensitivity, so they won't catch an API key or a medical record number. Most importantly, SaaS-based guardrails receive your plaintext, because they have to scan it. Shield scans locally, so the sensitive data never reaches a third party. For regulated industries, this architectural difference is the compliance boundary.

See Shield Redact in Your Own Environment

Shield runs locally on your machine — no cloud component, no data leaving your device. Install it, configure your filter packs, and start redacting sensitive data from every LLM API call in under 5 minutes.
