Platform
Secure
PII Detection

PII Detection

Personally Identifiable Information (PII) detection automatically identifies and masks sensitive data in user queries before they reach the LLM. Xilos uses Microsoft Presidio as its detection engine, combining regular expression matching, rule-based logic, and machine learning models to identify sensitive data patterns in unstructured text. All detection runs locally within the platform — no query content is sent to external APIs for analysis.

Detection Engine (Presidio)

Microsoft Presidio is an open-source PII detection and anonymization engine. Xilos integrates Presidio as the core PII guardrail, running it locally on every query before model routing.

How Presidio works:

  1. Text analysis — Presidio analyzes the query text using a pipeline of recognizers.
  2. Pattern matching — Each recognizer applies regular expressions, rule-based logic, and ML models to identify specific PII types.
  3. Confidence scoring — Detected entities are assigned confidence scores. Entities above the threshold are flagged as PII.
  4. Anonymization — Flagged entities are masked according to the configured masking strategy before the query proceeds to the LLM.

Info: Presidio runs entirely within the Xilos platform. No PII, query content, or detection telemetry is transmitted to external services. Sensitive data never leaves your environment during the detection stage.

Supported PII Types

Xilos ships with Presidio's built-in recognizers for common PII categories:

PII TypeRecognizerExamples
Social Security NumberSpacyRecognizer + regex123-45-6789
Credit Card NumberCreditCardRecognizer4532-1234-5678-9010
Email AddressEmailRecognizeruser@example.com
Phone NumberPhoneRecognizer(555) 123-4567
Bank Account NumberBankAccountRecognizer1234567890
IBAN CodeIbanRecognizerGB29 NWBK 6016 1331 9268 19
US Passport NumberUsPassportRecognizer123456789
US Driver LicenseUsLicenseRecognizerD1234567
IP AddressIpRecognizer192.168.1.100
URLUrlRecognizerhttps://example.com/path
DateDateRecognizerJanuary 15, 2024
Person NameSpacyRecognizerJohn Smith
OrganizationSpacyRecognizerAcme Corporation
LocationSpacyRecognizerSan Francisco
US Bank Routing NumberUsBankRecognizer123456789

Info: NER-based recognizers (person names, organizations, locations) use spaCy models. The accuracy of these recognizers depends on the language model quality and the context of the text.

Masking Strategies

When Presidio detects PII, Xilos applies a masking strategy to redact the sensitive content before the query reaches the LLM. You can configure the masking strategy per PII type or globally.

Replace

Replaces detected PII with a fixed placeholder string.

Example: My SSN is 123-45-6789My SSN is <SSN>

Mask

Replaces detected PII with asterisks, preserving the length and format.

Example: My SSN is 123-45-6789My SSN is ***-**-****

Redact

Removes detected PII entirely, replacing it with an empty string.

Example: My SSN is 123-45-6789My SSN is

Hash

Replaces detected PII with a hash of the original value. Useful when you need to correlate masked values across queries without exposing the original.

Example: My SSN is 123-45-6789My SSN is a1b2c3d4

Warning: The Mask strategy preserves format, which may leak partial information (such as the number of digits in a credit card). For maximum privacy, use the Redact or Replace strategy.

Custom PII Patterns

For organization-specific data formats not covered by the built-in recognizers, Xilos supports custom PII patterns. Custom patterns use regular expressions to define the detection logic.

Creating a Custom Pattern

  1. Define the pattern — Write a regular expression that matches your organization's data format.
  2. Name the recognizer — Provide a unique name for the custom PII type (e.g., EMPLOYEE_ID).
  3. Set the confidence score — Assign a confidence level (0.0 to 1.0) for matches.
  4. Select a masking strategy — Choose how detected custom PII is masked.
  5. Test — Validate the pattern against sample queries containing your custom data format.

Example custom pattern — Employee ID:

FieldValue
NameEMPLOYEE_ID
Regex\bEMP-\d{6}\b
Confidence0.9
MaskingReplace with <EMPLOYEE_ID>

With this custom pattern, the query "Look up the record for EMP-123456" would be masked to "Look up the record for <EMPLOYEE_ID>" before reaching the LLM.

Configuration

Enabling and Disabling Recognizers

Individual PII recognizers can be enabled or disabled per tenant. This allows organizations to tailor detection to their specific compliance requirements.

  1. Navigate to Secure → PII Detection.
  2. Toggle individual recognizers on or off.
  3. Save changes.

Threshold Configuration

Each recognizer uses a confidence threshold. Detected entities scoring below the threshold are not flagged as PII. Adjust thresholds to balance detection sensitivity against false positive rates.

ThresholdBehavior
0.5Conservative — flags more potential PII
0.7Balanced — default
0.85Permissive — flags only high-confidence matches

Per-Rule Overrides

PII detection can be combined with restriction rules for more granular control. For example, a restriction rule can Block queries containing specific PII types while allowing others to be masked. See Restriction Rules for rule creation.

Related