Skip to main content

PII Masking Guardrail

Overview

The PII Masking guardrail is used to mask sensitive information in documents or messages.

It supports common sensitive entities such as:

PERSON, EMAIL_ADDRESS, PHONE_NUMBER, SSN, CREDIT_CARD,
IP_ADDRESS, URL, FINANCIAL_ACCOUNT, UPI, PASSPORT, LOCATION, DATE_TIME

This guardrail is added to an Assistant Agent to protect sensitive information during llm processing.

Using the Guardrail in Agent

Add to Assistant Agent

  • Go to Pipelines
  • Select PII Masking Guardrail
  • Drag it into the guardrial component of AssistantAgent

Configure Masking

Select Entities to Mask

  • Choose which types of sensitive information to mask from the common entity list.
Guardrail UI configuration

Behavior

  • Unmask at End:
    • When enabled, masked values will be restored to their original form after processing.
    • When disabled, placeholders remain in the output.
Guardrail UI configuration

Output

  • The text returned by the pipeline has all selected entities replaced by placeholders (e.g., <PERSON_ABC123>).
  • If unmasking is enabled, the original text is restored after processing.

Common Use Cases

  • Masking personal information like names, emails, and phone numbers in messages
  • Protecting financial data such as UPI IDs, credit cards, and bank accounts
  • Ensuring compliance with privacy and security policies in document workflows

Summary

The PII Masking Guardrail allows users to safely mask sensitive information in text within Assistant Agents.

  • Supports common and custom entities
  • Optional unmasking restores original text after processing
  • Easy configuration via the agent UI with visual toggles and settings