How to use Portkey Guardrails for PII Protection

​

Why PII Guardrails Matter for Your AI Applications

• Regulatory Compliance: Meet requirements for GDPR, CCPA, HIPAA, and other data protection regulations
• Data Breach Prevention: Stop sensitive information from leaking through AI responses
• Customer Trust: Demonstrate commitment to privacy and data protection
• Cost Optimization: Avoid regulatory fines and reputational damage
• Operational Excellence: Automate PII detection and redaction at scale

​

Overview of Portkey’s PII Protection Options

​

1. Portkey Native PII Detection

• Comprehensive PII detection using advanced ML models
• Detects and redacts: names, emails, phones, addresses, SSNs, credit cards, IP addresses
• Simple configuration with immediate results
• Available on Production and Enterprise plans

​

2. AWS Bedrock Guardrails Integration

• Enterprise-grade PII detection from AWS
• Supports custom PII patterns via regex
• Currently focuses on SSN redaction by default

​

3. Partner PII Solutions

​

How PII Transformation Works

• Original: Contains actual PII like names, emails, SSNs
• Final (Transformed): PII replaced with numbered placeholders
• Status: Shows if transformation occurred

​

Setting Up Portkey’s Native PII Detection

​

Step 1: Create a PII Detection Guardrail

1. Navigate to Guardrails → Create
2. Search for “Detect PII” under PRO guardrails
3. Select PII categories to detect:
   • Phone Numbers: Mobile and landline numbers
   • Email Addresses: Personal and corporate emails
   • Location Information: Addresses, cities, coordinates
   • IP Addresses: IPv4 and IPv6 addresses
   • Social Security Numbers: US SSN format
   • Names: First names, last names, full names
   • Credit Card Information: Card numbers

​

Step 2: Enable PII Redaction

​

Step 3: Configure Guardrail Actions

• Async: Run checks without blocking (default: TRUE)
• Deny: Block requests with PII (default: FALSE)
• On Success/Failure: Send feedback for monitoring

​

Step 4: Add to Config and Use

{
  "input_guardrails": ["gr-pii-detection-xxx"]
}

​

Real-World Examples: Portkey vs Bedrock

from portkey_ai import Portkey

# Initialize Portkey with PII protection
portkey = Portkey(
    api_key="PORTKEY_API_KEY",
    config="pc-pii-protection"
)

​

Email Address Detection

Please update my email from john.doe@example.com to john.smith@company.com

Please update my email from [EMAIL_ADDRESS_1] to [EMAIL_ADDRESS_2]

​

Phone Number Detection

My phone number is (555) 123-4567, and my alternate is +1-800-555-0123

My phone number is [PHONE_NUMBER_1], and my alternate is [PHONE_NUMBER_2]

​

Social Security Number Protection

I need to update my tax information. My SSN is 123-45-6789

I need to update my tax information. My SSN is [SSN_1]

​

Credit Card Information

I used my card ending in 4532, full number is 4532-1234-5678-9012

I used my card ending in [CREDIT_CARD_1], full number is [CREDIT_CARD_2]

​

Name Detection

John Smith from accounting needs access. His manager Jane Doe approved it.

[NAME_1] from accounting needs access. His manager [NAME_2] approved it.

​

Address Detection

Deliver to 123 Main Street, Apt 4B, New York, NY 10001

Deliver to [LOCATION_ADDRESS_1]

​

IP Address Detection

My computer IP is 192.168.1.100 and I'm connecting to server at 10.0.0.1

My computer IP is [IP_ADDRESS_1] and I'm connecting to server at [IP_ADDRESS_2]

​

Complex Real-World Scenarios

​

Financial Services Example

Hi, I'm John Smith. My account number is 123456789. 
Please update my email from john.smith@oldbank.com to john@newbank.com.
My SSN for verification is 123-45-6789 and my phone is (555) 123-4567.
I recently used my credit card ending in 4532 for a transaction.

Hi, I'm [NAME_1]. My account number is 123456789. 
Please update my email from [EMAIL_ADDRESS_1] to [EMAIL_ADDRESS_2].
My SSN for verification is [SSN_1] and my phone is [PHONE_NUMBER_1].
I recently used my credit card ending in [CREDIT_CARD_1] for a transaction.

​

Legal Document Example

Case: Smith vs. Johnson
Plaintiff John Smith, residing at 789 Legal Ave, Law City, CA 90210,
email: jsmith@lawfirm.com, phone: (310) 555-1234,
SSN: 111-22-3333 (for court records).
IP address from incident: 192.168.1.50

Case: [NAME_1] vs. [NAME_2]
Plaintiff [NAME_3], residing at [LOCATION_ADDRESS_1],
email: [EMAIL_ADDRESS_1], phone: [PHONE_NUMBER_1],
SSN: [SSN_1] (for court records).
IP address from incident: [IP_ADDRESS_1]

​

Key Differences: Portkey vs Bedrock

​

When to Use Which?

• You need to track individual PII instances
• You want numbered placeholders for better context
• You prefer simple, consistent placeholder format
• You need quick setup without AWS configuration

• You’re already using AWS infrastructure
• You need specific US-format detection (US_BANK_ACCOUNT_NUMBER)
• You want dual detection patterns (e.g., SSN + regex)
• You need to comply with AWS security standards

​

Monitoring PII Detection

​

Viewing Results in Portkey Logs

1. Original Request: What the user sent
2. Final (Transformed): What was sent to the LLM
3. Guardrail Status: Shows if PII detection succeeded
4. Detected Entities: List of all PII found

Guardrails
✓ pii - 1 successful
No PII (when no PII detected)

​

Understanding Response Codes

• 200: Request successful (PII redacted if found)
• 246: PII detected but request continued (Deny = false)
• 446: Request blocked due to PII (Deny = true)