PII
The PII (Personally Identifiable Information) detection guardrail protects your LLM applications from processing or exposing sensitive personal data such as email addresses, phone numbers, credit card numbers, and Social Security Numbers.
What you need
- Python 3.10 or higher.
cx-guardrailsinstalled. See Getting Started with Guardrails.- Environment variables configured:
CX_GUARDRAILS_TOKEN,CX_GUARDRAILS_ENDPOINT. - A Team API key with the AiObservability role preset, used as
CX_GUARDRAILS_TOKEN. The AiObservability preset includesAI-GUARDRAILS:MANAGEand all other permissions required to use Guardrails. - The
AI-GUARDRAILS:MANAGEpermission.
Install the SDK
Set up environment variables
export CX_GUARDRAILS_TOKEN="your-coralogix-guardrails-api-key"
export CX_GUARDRAILS_ENDPOINT="https://api.<domain>.coralogix.com/api/v1/guardrails/guard"
export CX_TOKEN="your-coralogix-send-your-data-key"
export CX_ENDPOINT="https://your-domain.coralogix.com"
# Optional: Application metadata for observability
export CX_APPLICATION_NAME="my-app"
export CX_SUBSYSTEM_NAME="my-subsystem"
Set up observability
To send guardrail spans to AI Center, set up OpenTelemetry trace export. For the full overview, see OpenTelemetry integration for AI Center.
Install the OpenTelemetry packages:
Export the OTLP environment variables:
export OTEL_EXPORTER_OTLP_ENDPOINT="https://ingress.:443"
export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Bearer <your-api-key>"
export OTEL_SERVICE_NAME="my-ai-service"
export OTEL_RESOURCE_ATTRIBUTES="cx.application.name=my-app,cx.subsystem.name=my-subsystem"
export OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT=true
export OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental
Initialize the tracer provider in your application before any guardrail or LLM calls:
from opentelemetry import trace
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter
from opentelemetry.sdk.resources import Resource
from opentelemetry.sdk.trace import TracerProvider
from opentelemetry.sdk.trace.export import BatchSpanProcessor
def configure_otel() -> TracerProvider:
resource = Resource.create()
provider = TracerProvider(resource=resource)
provider.add_span_processor(BatchSpanProcessor(OTLPSpanExporter()))
trace.set_tracer_provider(provider)
return provider
Available PII categories
| Category | Enum value | Description |
|---|---|---|
| Email Address | PIICategory.EMAIL_ADDRESS | Email addresses |
| Phone Number | PIICategory.PHONE_NUMBER | Phone numbers |
| Credit Card | PIICategory.CREDIT_CARD | Credit/debit card numbers |
| US SSN | PIICategory.US_SSN | US Social Security Numbers |
Usage
import asyncio
from cx_guardrails import Guardrails, PII, GuardrailsTriggered
async def main():
guardrails = Guardrails()
async with guardrails.guarded_session():
try:
await guardrails.guard_prompt(
prompt="My email is john.doe@example.com",
guardrails=[PII()],
)
print("No PII detected")
except GuardrailsTriggered as e:
print(f"PII detected: {e}")
asyncio.run(main())
Configuration options
Specific categories
Detect only specific PII types:
await guardrails.guard_prompt(
prompt=user_input,
guardrails=[PII(categories=[PIICategory.EMAIL_ADDRESS, PIICategory.CREDIT_CARD])],
)
Custom threshold
Adjust detection sensitivity (0.0 to 1.0, default 0.7):
# Lower threshold — more sensitive
await guardrails.guard_prompt(
prompt=user_input,
guardrails=[PII(threshold=0.5)],
)
# Higher threshold — less sensitive
await guardrails.guard_prompt(
prompt=user_input,
guardrails=[PII(threshold=0.9)],
)
Threshold: Defines the value from which a guardrail action is triggered. When the threshold is met or exceeded, the guardrail action is executed, returned through the API, and the system marks the event as an issue.
Next steps
Detect and block toxic, harmful, or offensive content with Toxicity.