16 August, 2024

Securing Your LLM Applications: Detecting PII in Prompts with LLM-Guard ⚔️

In the era of Generative AI, where Large Language Models (LLMs) are increasingly woven into the fabric of modern applications, the need for safeguarding sensitive information has never been more critical. As organizations integrate LLMs into their workflows, the challenge of detecting and anonymizing Personally Identifiable Information (PII) in prompts — especially those processed in-memory — becomes paramount. Enter LLM Guard, your AI-powered sentinel in the battle against data exposure.

Why PII Matters: The Stakes Are High

PII is the linchpin of an individual’s digital identity. It’s not just a collection of data points; it’s a digital fingerprint that, when mishandled, can lead to dire consequences. Whether it’s GDPR or HIPAA, global regulations demand stringent measures for PII protection. But what happens when this sensitive information makes its way into LLM prompts? If left unchecked, it could inadvertently proliferate across storage points, model training datasets, and third-party services, amplifying the risk of data breaches and privacy violations.

Anatomy of a Privacy Breach: The Attack Surface

Consider this scenario: A company uses an LLM to automate customer service. The prompts sent to the LLM contain user queries, some of which include PII like names, addresses, or credit card numbers. If the model provider stores these prompts, either for improving the model or for other purposes, the PII is now exposed to risks outside of the company’s control. This scenario underscores the importance of ensuring that any PII in prompts is detected and anonymized before it ever reaches the LLM.

The Role of Anonymize Scanner in LLM Guard

The Anonymize Scanner within LLM Guard acts as your digital guardian, scrutinizing prompts in real time and ensuring they remain free of PII. Here’s how it works (a minimal setup sketch follows the list):

  • PII Detection: The scanner identifies PII entities across various categories, including credit card numbers, personal names, phone numbers, URLs, email addresses, IP addresses, UUIDs, social security numbers, crypto wallet addresses, and IBAN codes.
  • Anonymization: Once detected, the scanner can anonymize or redact this information, ensuring that the LLM only processes sanitized data.
  • In-Memory Operation: Unlike traditional methods that might focus on data at rest or in transit, LLM Guard operates directly on prompts in RAM, offering real-time protection without the latency of I/O operations.
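
As a minimal sketch of that setup (following the Vault-plus-scanner pattern from the llm-guard documentation), the snippet below constructs the Anonymize scanner and runs it against a single prompt entirely in memory; the scan() return values follow the library’s input-scanner convention of a sanitized prompt, a validity flag, and a risk score:

from llm_guard.input_scanners import Anonymize
from llm_guard.vault import Vault

# The Vault keeps the original values in memory so they can be referenced later
vault = Vault()
scanner = Anonymize(vault)

# scan() returns the sanitized prompt, a validity flag, and a risk score
sanitized_prompt, is_valid, risk_score = scanner.scan("My email is test@test.com")
print(sanitized_prompt, is_valid, risk_score)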

Understanding PII Entities: A Closer Look

Let’s break down the types of PII the Anonymize Scanner targets (a configuration sketch follows the list):

  • Credit Cards: The scanner is adept at identifying credit card formats, including specific patterns like those for Visa or American Express.
  • Names: It recognizes full names, including first, middle, and last names, ensuring that any personally identifiable name data is flagged.
  • Phone Numbers: From a simple 10-digit number to complex international formats, the scanner is equipped to detect various phone number patterns.
  • URLs & Email Addresses: Whether it’s a URL pointing to a personal site or an email address in a customer query, the scanner can identify and anonymize these elements.
  • IP Addresses: Both IPv4 and IPv6 addresses are within the scanner’s purview, crucial for applications dealing with network data.
  • UUIDs & Social Security Numbers: Unique identifiers and social security numbers are some of the most sensitive data types, and the scanner is finely tuned to detect these.
  • Crypto Wallets & IBANs: As financial transactions become more digital, detecting and anonymizing crypto wallet addresses and IBAN codes is vital to prevent fraud and ensure compliance.

Detecting PII in Prompts Using LLM Guard

To illustrate the power of LLM Guard, let’s walk through a simple but practical example. Below is a Python snippet that demonstrates how to use the Anonymize scanner to detect and redact PII in a prompt before it is processed by an LLM:

# Install the necessary package first:
#   pip install llm-guard

# Import the required modules
from llm_guard import scan_prompt
from llm_guard.input_scanners import Anonymize
from llm_guard.vault import Vault

# The Anonymize scanner needs a Vault, which keeps the original values in memory
vault = Vault()
input_scanners = [Anonymize(vault)]

# Define a prompt that contains PII
prompt = """Make an SQL insert statement to add a new user to our database.
Name is John Doe.
Email is test@test.com.
Phone number is 555-123-4567."""

# Scan the prompt for PII and sanitize it
sanitized_prompt, results_valid, results_score = scan_prompt(input_scanners, prompt)

# Reject the prompt if any scanner marked it as invalid
if not all(results_valid.values()):
    print(f"Prompt {prompt} is not valid, scores: {results_score}")
    exit(1)

# Output the sanitized prompt
print(f"Prompt: {sanitized_prompt}")

Output:

Prompt: Make an SQL insert statement to add a new user to our database.
Name is [REDACTED_PERSON_1].
Email is [REDACTED_EMAIL_ADDRESS_1].
Phone number is [REDACTED_PHONE_NUMBER_1].

Explanation:

  • The scan_prompt function utilizes the Anonymize scanner to inspect the prompt for any PII entities.
  • The scanner detects sensitive information such as names, email addresses, and phone numbers, replacing them with placeholders like [REDACTED_PERSON_1], [REDACTED_EMAIL_ADDRESS_1], and [REDACTED_PHONE_NUMBER_1].
  • The sanitized prompt is then printed, showcasing how the PII has been effectively anonymized.

This real-time detection and redaction process is crucial for maintaining the privacy and security of your data when interfacing with LLMs.

Fortifying Your LLM Applications

Integrating LLM Guard into your application stack is more than just a compliance checkbox; it’s a proactive stance in the ongoing battle for data privacy. By ensuring that PII is detected and anonymized in-memory, before it even has a chance to be processed by an LLM, you’re not only protecting your users but also fortifying your applications against potential breaches.

In a world where AI is becoming omnipresent, LLM Guard offers a robust solution to a critical problem. Don’t wait for a breach to prioritize PII protection — make it a cornerstone of your LLM deployment strategy.

Stay tuned for more on LLM-Guard guardrail features. 🙂