Skip to main content

LLM masking: protecting sensitive information in AI applications

1. Introduction to LLM masking

Large Language Models (LLMs) like GPT-4, Claude, and BERT have transformed natural language processing applications, enabling sophisticated text generation, summarisation, and analysis capabilities. However, with this power comes significant responsibility, particularly regarding data privacy and security.

LLM masking refers to the process of identifying and hiding sensitive information like phone numbers, email addresses, credit card numbers, and personal names before sending text to Large Language Models. This ensures privacy, security, and compliance with data protection laws like GDPR, HIPAA, and CCPA.

LLM masking is a technique that identifies and replaces sensitive information with placeholder tokens before processing text with Large Language Models, and then reintroduces the original data afterwards if needed.

This blog offers a comprehensive guide to understanding and implementing LLM Masking techniques in your AI applications, featuring code examples, diagrams, and best practices to help you protect sensitive information while harnessing the power of LLMs.

2. Why LLM masking is important

LLM masking is not just a technical nicety- it's often a legal and ethical requirement. Here's why it matters:

The Risks of Unmasked Data

LLMs can memorise parts of their training data and potentially reveal sensitive information in responses. Additionally, most major LLM providers retain user prompts, which could expose sensitive data if not properly masked before submission.

3. How LLM masking works

LLM masking follows a three-step process:

LLM Masking Flow Diagram

This process ensures that sensitive information never leaves your system while still allowing the LLM to process the non-sensitive parts of the text effectively.

PII Masking in RAG Pipeline

Main LLM Masking Architecture

LLM Masking Architecture

LLM Masking Architecture

4. Common techniques for LLM masking

Several approaches can be used to implement LLM masking, each with its own strengths and weaknesses.

4.1 Regex-based approach

Regular expressions (regex) provide a straightforward method for identifying structured data patterns like email addresses, phone numbers, and credit card numbers.

Pros: Fast, lightweight, easy to implement, no external dependencies

Cons: May miss complex patterns or context-dependent PII, can produce false positives

Here are some common regex patterns used for identifying PII:

4.2 Named Entity Recognition (NER)

Named Entity Recognition uses machine learning models to identify entities like names, organisations, locations, and other context-dependent information that might be difficult to capture with regex alone.

Pros: Better at identifying context-dependent PII, can recognise names and entities not follow specific patterns

Cons: Computationally more expensive, requires ML models, may still miss some PII types

Popular NER libraries and models include:

Data Masking Techniques

4.3 Hybrid approaches

Most effective LLM Masking implementations use a combination of regex and NER techniques to maximise coverage and accuracy.

Best Practice: Use regex for well-structured PII (email addresses, phone numbers) and NER for context-dependent PII (names, locations, organisations).

Some systems also employ additional techniques:

LLM Data Privacy Flow

5. Implementation examples

Let's explore practical implementations of LLM masking using different approaches.

5.1 Python code with Regex

Here's a simple implementation of regex-based PII detection and masking in Python:

This example demonstrates a simple approach to masking and unmasking PII in text using regex patterns.

Privacy threat model architecture

5.2 Using specialised libraries

Several specialised libraries make LLM Masking more robust and easier to implement. One such library is Masked-AI.

Other useful libraries for PII detection and masking include:

Here's an example using PiiRegex:

5.3 Integration with LLM APIs

When integrating LLM masking with LLM APIs, it's important to have a robust pipeline that handles the masking and unmasking process efficiently. Here's an example of how to integrate with OpenAI's API:

This example demonstrates a complete pipeline for masking sensitive information before sending text to an LLM and then restoring it in the response if needed.

AI Agents with MCP Integration

AI Agents MCP Architecture

AI Agents MCP Architecture

6. Best practices and considerations

When implementing LLM masking in your applications, consider these best practices:

Technical best practices

Common pitfalls to avoid:

Data Masking Process

Advanced Privacy-Preserving Techniques

Differential Privacy for LLMs‍

Differential privacy adds calibrated noise to training data or model outputs to provide mathematical guarantees about privacy protection. This technique is particularly useful when training LLMs on sensitive datasets. Google Research

7. Conclusion

LLM masking is a critical technique for protecting sensitive information when using Large Language Models. 

By identifying and replacing PII with placeholder tokens before sending text to LLMs, you can maintain privacy and security while still leveraging the power of these AI systems.

In this guide, we've covered:

As AI systems become more integrated into critical applications, protecting sensitive information will only grow in importance. By implementing robust LLM Masking, you can ensure that your applications provide powerful AI capabilities without compromising user privacy or violating regulatory requirements.

Final Reminder

No masking system is perfect. Always design your systems with defence in depth and implement additional safeguards beyond masking alone. Regularly test and update your masking implementation to ensure it remains effective against evolving PII patterns and formats.

We'd love to talk about your business objectives

Written by