Configure GuardrailsGuardrail Catalog

PII Detection

View as Markdown

Personally Identifiable Information (PII) detection helps protect user privacy by detecting and masking sensitive data in user inputs, LLM outputs, and retrieved content.

GLiNER-based PII Detection

The NeMo Guardrails library supports PII detection and masking using the NVIDIA GLiNER-PII NIM. For a full step-by-step walkthrough that includes CLI usage, Python SDK usage, and local deployment, refer to the GLiNER Integration page. The examples below assume each configuration lives in its own subdirectory under config/ (NeMo Guardrails merges every .yml / .yaml file it finds in a --config directory, so detection and masking rule sets need separate folders).

NVIDIA-Hosted Endpoint

Use the NVIDIA-hosted NIM by setting api_key_env_var in both the models block and the gliner config block.

nvidia/gliner-pii does not appear in the configs below because it is the default value of rails.config.gliner.model. You only need to set that field explicitly if you want to use a different model:

1rails:
2  config:
3    gliner:
4      model: nvidia/gliner-pii  # default — omit or change as needed

PII detection (save as config/pii_detection/config.yml) blocks input or output that contains PII:

1models:
2  - type: main
3    engine: nim
4    model: meta/llama-3.1-8b-instruct
5    api_key_env_var: NVIDIA_API_KEY
6
7rails:
8  config:
9    gliner:
10      server_endpoint: https://integrate.api.nvidia.com/v1/chat/completions
11      api_key_env_var: NVIDIA_API_KEY
12      threshold: 0.5  # Confidence threshold (0.0 to 1.0)
13      input:
14        entities:  # If no entity is specified, all default PII categories are detected
15          - email
16          - phone_number
17          - ssn
18          - first_name
19          - last_name
20      output:
21        entities:
22          - email
23          - phone_number
24          - credit_debit_card
25  input:
26    flows:
27      - gliner detect pii on input
28  output:
29    flows:
30      - gliner detect pii on output

PII masking (save as config/pii_masking/config.yml) replaces detected PII with label placeholders, such as changing Hi John to Hi [FIRST_NAME]:

1models:
2  - type: main
3    engine: nim
4    model: meta/llama-3.1-8b-instruct
5    api_key_env_var: NVIDIA_API_KEY
6
7rails:
8  config:
9    gliner:
10      server_endpoint: https://integrate.api.nvidia.com/v1/chat/completions
11      api_key_env_var: NVIDIA_API_KEY
12      input:
13        entities:
14          - email
15          - first_name
16          - last_name
17      output:
18        entities:
19          - email
20          - first_name
21          - last_name
22  input:
23    flows:
24      - gliner mask pii on input
25  output:
26    flows:
27      - gliner mask pii on output

Locally Hosted NIMs

To run both NIMs locally, pull the Docker containers and point each endpoint to localhost. No api_key_env_var is needed for local inference.

Important: You still need an NGC_API_KEY (starting with nvapi-) to pull the Docker images and download model artifacts. You can generate one at org.ngc.nvidia.com/setup/api-keys or build.nvidia.com. Legacy NGC keys (older format, not starting with nvapi-) will cause the container to fail during artifact download.

If you already have an NVIDIA_API_KEY starting with nvapi-, you can reuse it:

$export NGC_API_KEY="$NVIDIA_API_KEY"

Alternatively, you can pass the key directly at container runtime — this avoids overwriting any existing NGC_API_KEY in your environment:

$docker run ... -e NGC_API_KEY="$NVIDIA_API_KEY" ...

See the GLiNER Integration — Deploy NIMs Locally section for full docker run instructions.

PII detection (update config/pii_detection/config.yml):

1models:
2  - type: main
3    engine: nim
4    model: meta/llama-3.1-8b-instruct
5    parameters:
6      base_url: http://localhost:8001/v1
7
8rails:
9  config:
10    gliner:
11      server_endpoint: http://localhost:8000/v1/chat/completions
12      threshold: 0.5
13      input:
14        entities:
15          - email
16          - phone_number
17          - ssn
18          - first_name
19          - last_name
20      output:
21        entities:
22          - email
23          - phone_number
24          - credit_debit_card
25  input:
26    flows:
27      - gliner detect pii on input
28  output:
29    flows:
30      - gliner detect pii on output

PII masking (update config/pii_masking/config.yml):

1models:
2  - type: main
3    engine: nim
4    model: meta/llama-3.1-8b-instruct
5    parameters:
6      base_url: http://localhost:8001/v1
7
8rails:
9  config:
10    gliner:
11      server_endpoint: http://localhost:8000/v1/chat/completions
12      input:
13        entities:
14          - email
15          - first_name
16          - last_name
17      output:
18        entities:
19          - email
20          - first_name
21          - last_name
22  input:
23    flows:
24      - gliner mask pii on input
25  output:
26    flows:
27      - gliner mask pii on output

See the GLiNER Integration page for Docker pull and run instructions.

Presidio-based Sensitive Data Detection

The NeMo Guardrails library supports detecting sensitive data out-of-the-box using Presidio, which provides fast identification and anonymization modules for private entities in text such as credit card numbers, names, locations, social security numbers, bitcoin wallets, US phone numbers, financial data and more. You can detect sensitive data on user input, bot output, or the relevant chunks retrieved from the knowledge base.

To activate a sensitive data detection input rail, you have to configure the entities that you want to detect:

1rails:
2  config:
3    sensitive_data_detection:
4      input:
5        entities:
6          - PERSON
7          - EMAIL_ADDRESS
8          - ...

Example usage

1rails:
2  input:
3    flows:
4      - mask sensitive data on input
5  output:
6    flows:
7      - mask sensitive data on output
8  retrieval:
9    flows:
10      - mask sensitive data on retrieval

For more details, check out the Presidio Integration page.

Private AI PII Detection

The NeMo Guardrails library supports using Private AI API for PII detection and masking input, output and retrieval flows.

To activate the PII detection or masking, you need specify server_endpoint, and the entities that you want to detect or mask. You’ll also need to set the PAI_API_KEY environment variable if you’re using the Private AI cloud API.

1rails:
2  config:
3    privateai:
4      server_endpoint: http://your-privateai-api-endpoint/process/text  # Replace this with your Private AI process text endpoint
5      input:
6        entities:  # If no entity is specified here, all supported entities will be detected by default.
7          - NAME_FAMILY
8          - EMAIL_ADDRESS
9          ...
10      output:
11        entities:
12          - NAME_FAMILY
13          - EMAIL_ADDRESS
14          ...

Example usage

PII detection

1rails:
2  input:
3    flows:
4      - detect pii on input
5  output:
6    flows:
7      - detect pii on output
8  retrieval:
9    flows:
10      - detect pii on retrieval

For more details, check out the Private AI Integration page.