Show HN: Pseudonymizing sensitive data for LLMs without losing context(atticsecurity.com)
atticsecurity.com
Show HN: Pseudonymizing sensitive data for LLMs without losing context
https://atticsecurity.com/en/blog/why-llms-hate-fake-data-token-proxy/
9 comments
That's a great point. Because my tool is designed for security operations and triage, the context (like knowing an IP is from Hetzner, or a domain is a known burner) is actually the signal the LLM needs to do its job. I made a conscious trade-off to allow some contextual metadata to pass through to preserve utility.
Since I'm based in the Netherlands, I look at this strictly through the lens of the Dutch privacy law (the AVG). Under the AVG, there's a hard line between anonymized data and pseudonymized data. Because of the exact 'mosaic effect' you mentioned, pseudonymized data is legally still treated as personal data. So, the re-identification risk is an accepted reality.
Essentialy i treat the tool as an extra effort to reduce PII leaks. But its not foolproof against the context clues.
Since I'm based in the Netherlands, I look at this strictly through the lens of the Dutch privacy law (the AVG). Under the AVG, there's a hard line between anonymized data and pseudonymized data. Because of the exact 'mosaic effect' you mentioned, pseudonymized data is legally still treated as personal data. So, the re-identification risk is an accepted reality.
Essentialy i treat the tool as an extra effort to reduce PII leaks. But its not foolproof against the context clues.
I have one (at least) fundamental concern about the approach - let's say I'm building an anti-fraud system that uses AI (through API), and maybe I'm asking AI whether my user [email protected] is a potential fraudster. By masking this email address I'm sabotaging my own AI prompt - the AI cannot longer reason based on the facts that 1) the email is a free public email 2) the email says 'fraud' right in your face.
This is really cool - I'm still in V2 with NER for redacting PII before sending to model BUT that was just on simple email analysis. I bet most teams building for security with AI haven't addressed this! Thanks for sharing!
ooh nice. i built something exactly similar last year.
- https://github.com/deepanwadhwa/semi_private_chat
- https://github.com/deepanwadhwa/zink
- https://github.com/deepanwadhwa/semi_private_chat
- https://github.com/deepanwadhwa/zink
oh sweet, that would have saved allot of time!
Curious if you have thought about that side of things with your V3 implementation?