To detect Personally Identifiable Information (PII) exposure, you can use the pii rule. This rule helps identify and prevent the disclosure of sensitive personal information in AI responses. For more details, see our Rules Catalog.

Rule structure:

  • type: pii
  • value: comma-separated list of PII categories to detect, written as a single string (e.g. "email, phone number")
  • expected: fail (the rule fails, and the response is flagged, when PII is detected)
  • threshold: confidence threshold for PII detection, as a value between 0 and 1 (e.g., 0.8 for 80% confidence)

We have found that this rule works best with at most 5 categories in the value field. To cover more than 5 categories, add further pii rules to the same policy, each with its own group of categories, as in the example below.

Create the policy

Here’s an example of a policy to detect PII exposure:

{
  "id": "unique policy id",
  "definition": "short description",
  "rules": [
    {
      "type": "pii",
      "value": "email, phone number, company address",
      "expected": "fail",
      "threshold": 0.9
    },
    {
      "type": "pii",
      "value": "personal ID, passport number, driver license number",
      "expected": "fail",
      "threshold": 0.9
    },
    {
      "type": "pii",
      "value": "CPF, CNPJ, NIP, RG, SSN",
      "expected": "fail",
      "threshold": 0.9
    },
    {
      "type": "pii",
      "value": "SIN, personal document number",
      "expected": "fail",
      "threshold": 0.9
    }
  ],
  "target": "output"
}
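Because the policy is plain JSON, it is easy to generate and sanity-check before it is uploaded. The helper below is an added example, not part of the product or its SDK: it builds a policy of the shape shown above from a flat list of categories, splitting them into pii rules of at most 5 categories each, and validates an existing policy against the documented rule structure. The function names (build_pii_policy, validate_pii_policy) and the category list are constructed for illustration; the rule semantics assumed are only those stated on this page.

```python
"""Build and sanity-check a PII policy of the shape documented above.

Added example (not the product's own code). It assumes only what the page
states: each rule is {"type": "pii", "value": "<comma-separated categories>",
"expected": "fail", "threshold": <0..1>}, a policy has id/definition/rules/target,
and a rule works best with at most 5 categories, so longer lists are split.
"""
import json

MAX_CATEGORIES_PER_RULE = 5  # guidance from the page


def chunk_categories(categories, size=MAX_CATEGORIES_PER_RULE):
    """Split a list of category names into groups of at most `size`."""
    cleaned = [c.strip() for c in categories if c and c.strip()]
    return [cleaned[i:i + size] for i in range(0, len(cleaned), size)]


def build_pii_policy(policy_id, definition, categories, threshold=0.9, target="output"):
    """Return a policy dict with one pii rule per group of <= 5 categories."""
    if not 0.0 <= threshold <= 1.0:
        raise ValueError("threshold must be a confidence between 0 and 1")
    rules = [
        {"type": "pii", "value": ", ".join(group), "expected": "fail", "threshold": threshold}
        for group in chunk_categories(categories)
    ]
    return {"id": policy_id, "definition": definition, "rules": rules, "target": target}


def validate_pii_policy(policy):
    """Return a list of problems; an empty list means the policy matches the documented shape."""
    problems = []
    for key in ("id", "definition", "rules", "target"):
        if key not in policy:
            problems.append(f"missing top-level field {key!r}")
    for i, rule in enumerate(policy.get("rules", [])):
        if rule.get("type") != "pii":
            problems.append(f"rule {i}: type must be 'pii'")
        if rule.get("expected") != "fail":
            problems.append(f"rule {i}: expected must be 'fail' to flag detected PII")
        t = rule.get("threshold")
        if isinstance(t, bool) or not isinstance(t, (int, float)) or not 0.0 <= t <= 1.0:
            problems.append(f"rule {i}: threshold must be a number between 0 and 1")
        value = rule.get("value")
        if not isinstance(value, str) or not value.strip():
            problems.append(f"rule {i}: value must be a non-empty comma-separated string")
        else:
            n = len([c for c in value.split(",") if c.strip()])
            if n > MAX_CATEGORIES_PER_RULE:
                problems.append(
                    f"rule {i}: {n} categories; split into more rules (max {MAX_CATEGORIES_PER_RULE})"
                )
    return problems


if __name__ == "__main__":
    # Constructed category list covering the groups used in the page's example.
    categories = [
        "email", "phone number", "company address", "personal ID", "passport number",
        "driver license number", "CPF", "CNPJ", "NIP", "RG", "SSN", "SIN",
        "personal document number",
    ]
    policy = build_pii_policy("pii-output-guard", "Flag PII in model output", categories)
    print(json.dumps(policy, indent=2))
    print("problems:", validate_pii_policy(policy))
```

Run the script to print a ready-to-upload policy; validate_pii_policy is also useful as a pre-deployment check on hand-written policies, since it reports a rule whose value field packs more than 5 categories, the case the guidance above tells you to avoid.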