Knowledgebase
PII & Sensitive Data Masking
When PII or sensitive data is received by Layerup Security masking, we’ll ensure that none of it is ever sent to a third-party LLM, without any interruption in service.
1
PII or sensitive data is received
2
Perform data sanitization
If any PII or sensitive data is contained within the request, Layerup Security
will sanitize the prompt by replacing the sensitive data with variable names.
The SDK will then return an updated LLM query, along with a function that can
later be called to unmask the data once the LLM response is obtained.Here is an example of how an input with PII can be sanitized by Layerup Security.
Write an email to my patient Sally Zhang asking if I can call her tomorrow morning about a virtual appointment. Also confirm her phone number is still (484) 381-8512.
3
Send data to LLM
Send the masked prompt to your 3rd-party LLM, with an extra layer of security: no PII or sensitive data will be sent at all.
4
Receive response and de-sanitize data
Once your 3rd party LLM has responded, use the unmask function provided by the SDK to replace the templatized variables with the actual values.Here is an example of how a templatized response is de-sanitized by Layerup Security.
Dear Ms. [PATIENT_LAST_NAME],I hope this message finds you well. Could we arrange a brief call tomorrow morning to discuss an upcoming virtual appointment? Additionally, could you please confirm if your current phone number is still [PATIENT_PHONE_NUMBER]?