Sandia Developers Reveal That Most Apps Leak PII to LLMs, Launch Redacta Fix With Just 2 Lines of Code
Key Takeaways
- ▸Research shows most applications send PII directly to LLMs without protective measures, creating a significant privacy risk
- ▸Redacta provides a minimal-friction solution requiring only API key and baseURL changes to implement enterprise-grade PII protection
- ▸The solution supports all major LLM providers (OpenAI, Anthropic, Google) with streaming, tool use, and maintains encrypted token mappings for secure data handling
Summary
A security research finding by the Sandia Development Group has uncovered a critical privacy vulnerability: most applications inadvertently send personally identifiable information (PII) directly to large language models. In response, the team has developed Redacta, a PII protection middleware that sits between applications and LLM providers, automatically detecting and scrubbing sensitive data before it reaches AI models.
Redacta requires minimal integration effort—just two lines of code or simple environment variable configuration—making it accessible to developers regardless of technical expertise. The solution works by intercepting API calls, replacing PII with anonymized tokens that are sent to models like OpenAI's GPT-4, Anthropic's Claude, and Google's Gemini, while maintaining encrypted mappings server-side to restore original information in responses.
The platform supports multiple LLM providers and includes a browser extension for direct use on ChatGPT, Claude, and Gemini websites. It handles various data types including names, SSNs, credit cards, emails, phone numbers, and US street addresses, with file scanning capabilities for over 20 document formats. Redacta is currently in early access, targeting B2B teams in compliance-sensitive industries including regulated SaaS platforms, startups, and organizations handling customer data.
- Browser extension adds protection for direct web usage on ChatGPT, Claude, and Gemini with local processing and no transmitted content
Editorial Opinion
The widespread exposure of PII to LLMs represents a critical oversight in the AI application ecosystem, and Redacta's two-line fix addresses a genuine pain point that enterprises face when integrating LLMs with sensitive customer data. The approach of transparent interception at the SDK level is pragmatic and lowers barriers to adoption compared to requiring full code refactoring. However, the early-access-only status and enterprise pricing suggest this may remain out of reach for smaller developers who arguably need this protection most.
