Implementation:Protectai Llm guard Sensitive
| Knowledge Sources | |
|---|---|
| Domains | NLP, Data_Privacy, Output_Validation |
| Last Updated | 2026-02-14 12:00 GMT |
Overview
Concrete tool for detecting and optionally redacting PII in LLM outputs using NER models and Presidio, provided by the LLM Guard library.
Description
The Sensitive class is an output scanner that detects personally identifiable information in LLM-generated text. It uses the same detection pipeline as the Anonymize input scanner (DeBERTa NER + regex patterns + Presidio AnalyzerEngine) but is designed for output validation. When redact is enabled, detected entities are replaced using Presidio's AnonymizerEngine.
Usage
Import this scanner to detect PII leakage in LLM outputs. Use with redact=True to automatically remove sensitive data before returning responses to users.
Code Reference
Source Location
- Repository: llm-guard
- File: llm_guard/output_scanners/sensitive.py
- Lines: L29-116
Signature
class Sensitive(Scanner):
def __init__(
self,
*,
entity_types: list[str] | None = None,
regex_patterns: list[DefaultRegexPatterns | RegexPatternsReuse] | None = None,
redact: bool = False,
recognizer_conf: NERConfig | None = None,
threshold: float = 0.5,
use_onnx: bool = False,
language: str = "en",
) -> None:
"""
Args:
entity_types: PII types to detect. Default: all standard types.
regex_patterns: Custom regex patterns. Default: None.
redact: Redact detected PII in output. Default: False.
recognizer_conf: NER model config. Default: DEBERTA_AI4PRIVACY_v2_CONF.
threshold: Minimum confidence score. Default: 0.5.
use_onnx: Use ONNX runtime. Default: False.
language: Detection language ("en" or "zh"). Default: "en".
"""
def scan(self, prompt: str, output: str) -> tuple[str, bool, float]:
"""
Detect PII in LLM output and optionally redact.
Returns:
- Output (original or redacted if redact=True)
- False if PII detected, True if clean
- Risk score based on highest detection confidence
"""
Import
from llm_guard.output_scanners import Sensitive
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| entity_types | list[str] | No | PII types to detect (default: all standard types) |
| regex_patterns | list | No | Custom regex patterns (default: None) |
| redact | bool | No | Redact detected PII (default: False) |
| recognizer_conf | NERConfig | No | NER model config (default: DEBERTA_AI4PRIVACY_v2_CONF) |
| threshold | float | No | Confidence threshold (default: 0.5) |
| use_onnx | bool | No | Use ONNX runtime (default: False) |
| language | str | No | Detection language (default: "en") |
| prompt | str | Yes (scan) | Original prompt |
| output | str | Yes (scan) | LLM output to check |
Outputs
| Name | Type | Description |
|---|---|---|
| output | str | Original output or redacted version |
| is_valid | bool | False if PII detected above threshold |
| risk_score | float | Highest detection confidence, normalized |
Usage Examples
Basic Detection
from llm_guard.output_scanners import Sensitive
scanner = Sensitive(threshold=0.5)
prompt = "Tell me about the CEO"
output = "The CEO is John Smith, reachable at john@company.com"
_, is_valid, score = scanner.scan(prompt, output)
# is_valid: False (PII detected)
With Redaction
from llm_guard.output_scanners import Sensitive
scanner = Sensitive(redact=True, threshold=0.5)
prompt = "Tell me about the CEO"
output = "The CEO is John Smith, reachable at john@company.com"
redacted, is_valid, score = scanner.scan(prompt, output)
# redacted: "The CEO is <PERSON>, reachable at <EMAIL_ADDRESS>"
Related Pages
Implements Principle
Requires Environment
- Environment:Protectai_Llm_guard_Python_Runtime_Dependencies
- Environment:Protectai_Llm_guard_ONNX_Runtime_Acceleration
Uses Heuristic
Page Connections
Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment