OWASP LLM Top 10LLM02:2025highv1.0.0 · System

PII Input Redaction

Strips PII from user prompts before they reach the model, preventing accidental exposure to third-party LLM providers.

📘Clone & start observing

Creates a Guideline policy. Observation only — nothing is blocked until you promote to Strict.

Mode on clone: log

Policy name

Defaults to template name. Customise to distinguish multiple instances of the same template.

Leave empty to apply broadly via the template's default data-classification / risk-tier filters.

Rationale

When using third-party LLMs, prompts may be logged or used for training. Redacting PII at the input boundary protects employees from inadvertent personal data disclosure.

Example violation

User prompt: "Can you help me write a follow-up email to john.smith@acme.com about his medical leave request?"

Triggers (1)

inputRedact PII before sending prompt to model

Detectors (1)

pii_detectorpii-named-entity
NER-based PII detection

Actions (2)

redactReplace PII with [REDACTED_EMAIL], [REDACTED_NAME] etc.
logRecord redaction event for audit

Tunable parameters (2)

PII detection confidence

basicnumber

Higher = fewer false positives.

Default: 0.8

Preserve format (length, casing)

advancedboolean

Keep redacted tokens roughly the same shape so model behaviour is unchanged.

Default: true

Regulatory references

GDPR Art. 5

Template defaults (suggested target after promotion)

Suggested mode

redact

Risk tiers

—

Data classifications

confidential, restricted

Departments

—

Cloned policies start in Guideline mode. Use the promotion wizard to flip to Strict once you trust the false-positive rate.