Detect PII exposure

Rule structure:
Create the policy

To detect Personally Identifiable Information (PII) exposure, you can use the pii rule. This rule helps identify and prevent the disclosure of sensitive personal information in AI responses. For more details, see our Rules Catalog.

Rule structure:

type: pii
value: list of PII categories to detect
expected: fail (to flag when PII is detected)
threshold: Confidence level for PII detection (e.g., 0.8 for 80% confidence)

We noticed this works better with the maximum of 5 categories in the value field. For more than 5 categories, we suggest to add more rules, see the example below.

Create the policy

Here’s an example of a policy to detect PII exposure:

{
  "id": "unique policy id",
  "definition": "short description",
  "rules": [
    {
      "type": "pii",
      "value": "email, phone number, company address",
      "expected": "fail",
      "threshold": 0.9
    },
    {
      "type": "pii",
      "value": "personal ID, passport number, driver license number",
      "expected": "fail",
      "threshold": 0.9
    },
    {
      "type": "pii",
      "value": "CPF, CNPJ, NIP, RG, SSN, SIN, personal document number",
      "expected": "fail",
      "threshold": 0.9
    }
  ],
  "target": "output"
}

Detect direct prompt injection Probes Catalog

⌘I

Getting started

Real-time protection

Risk assessment

Manage GenAI applications

Detect PII exposure

Rule structure:

Create the policy

Getting started

Real-time protection

Risk assessment

Manage GenAI applications

​Rule structure:

​Create the policy

Rule structure:

Create the policy