
PII Redaction API

Redact PII before inference. Restore it after.

A reversible PII redaction API that swaps sensitive values for deterministic tokens before a prompt leaves your trust boundary — so the model still reasons, the provider never sees plaintext, and one call crypto-shreds the whole flow. It runs inline in the proxy you already point your agents at.

# prompt before it leaves your boundary
"Email jane@acme.com re: invoice"
# what the LLM provider sees
"Email <TRT::pii_email::A3F9> re: invoice"
# restored only at allow-listed egress
200 OK → jane@acme.com
# crypto-shred the whole flow
DELETE /v1/masking/flows/:flowId

The trade-off nobody should make

Static redaction blinds the model. This doesn’t.

[REDACTED]

Strip it and pray

Delete the value and the model can no longer reason about the entity. Responses come back littered with placeholders you patch by hand, and multi-agent flows lose the thread the moment the data is gone.

<TRT::pii::A3F9>

Tokenize and reason

The same entity renders as the same token across every hop in a flow, so agents reason normally. The original is restored only at egress you trust — and a leaked prompt log on the provider side is worthless without the in-memory salt.

Four hooks in a path you already run

Detect → tokenize → forward → unmask

01 Detect

A DLP detector fires on PII, credentials, and your custom regulated categories before the prompt leaves your trust boundary.

02 Tokenize

Each value is replaced with a deterministic-per-flow token. The model sees a coherent prompt it can reason about — not a wall of [REDACTED].

03 Forward

The tokenized prompt goes upstream. The provider — and any prompt log on their side — only ever sees the token.

04 Unmask

On the way back, tokens are restored to plaintext only at egress points your policy explicitly allow-lists. Default-deny.

Control, receipt, shred

Pseudonymization your auditor can verify.

Masking is a control surface for HIPAA (de-identification for the duration the data exists in model context), GDPR Art. 4(5) pseudonymization and Art. 17 erasure (the crypto-shred), GLBA, and SOC 2 CC6/CC7 — every mask and unmask decision lands in the same audit telemetry as every other governance action, with the policy id immutably recorded.

This is the developer entry point to the broader reversible masking surface, one of the five verdicts an AI guardrail can return, and every flow binds its manifest hash to a replayable receipt.

FAQ

PII redaction API, answered

What is a PII redaction API?

A PII redaction API removes or replaces personally identifiable information in text before it reaches a third party — in this case, an LLM or an agent tool. Trinitite’s is reversible: instead of deleting the value, it substitutes a deterministic token the model can reason about, then restores the original only at egress points you trust. It runs inline in the proxy you already point your agents at.

How is reversible masking different from static [REDACTED] redaction?

Static redaction strips the value, so the model loses the ability to reason about the entity and you get [REDACTED] placeholders back that need post-hoc patching. Reversible masking keeps the prompt coherent — the same entity renders as the same token across multi-step agent hops in one flow — and restores the original at allow-listed egress. Two different flows produce two different tokens for the same value, so prompts can’t be correlated across flows.

Where are the tokens stored, and can I erase them?

Tokens live in memory in an AES-256-GCM AEAD-encrypted vault keyed per (org, flow) — never in your audit database. A single DELETE on the flow drops the per-flow salt, making the ciphertext mathematically unrecoverable. That crypto-shred is the primitive behind GDPR Art. 17 right-to-erasure and incident response.

Can I prove redaction happened without exposing the data?

Yes. Every issued token contributes to a mask_manifest_hash bound onto the same deterministic-inference receipt as the call — so an auditor can prove which categories were tokenized on which flow without ever seeing the originals.
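The following is an added example, written for this page and not Trinitite's own code, that models the four hooks (detect, tokenize, forward, unmask) together with the three FAQ answers above: per-flow deterministic tokens that do not correlate across flows, an encrypted in-memory vault whose key is derived from a per-flow salt so that dropping the salt crypto-shreds the blobs, and a manifest hash over issued tokens and categories that an auditor can check without seeing plaintext. It assumes an email-only detector, an HMAC-SHA256 encrypt-then-MAC construction as a standard-library stand-in for the page's AES-256-GCM vault, 8-hex-character token suffixes where the page shows 4, and a made-up org id and egress names.

```python
import hashlib
import hmac
import json
import os
import re

# --- Constructed stand-in for the AES-256-GCM vault (stdlib only): -------------
# keystream = HMAC-SHA256(enc_key, nonce || counter), tag = HMAC-SHA256(mac_key, nonce || ct)
def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_blob(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("vault blob failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- Masking proxy --------------------------------------------------------------
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")  # toy detector
TOKEN_RE = re.compile(r"<TRT::pii_email::[0-9A-F]{8}>")

class FlowDeleted(Exception):
    """The flow's salt has been dropped; nothing in its vault can be recovered."""

class MaskingProxy:
    def __init__(self, org: str, allowed_egress):
        self.org = org
        self.allowed_egress = set(allowed_egress)  # policy allow-list; default-deny
        self.flows = {}  # flow_id -> {"salt", "vault": {token: blob}, "manifest": [...]}

    def open_flow(self) -> str:
        flow_id = os.urandom(8).hex()
        self.flows[flow_id] = {"salt": os.urandom(32), "vault": {}, "manifest": []}
        return flow_id

    def _live(self, flow_id):
        flow = self.flows.get(flow_id)
        if flow is None or flow["salt"] is None:
            raise FlowDeleted(flow_id)
        return flow

    def _vault_key(self, flow) -> bytes:
        # Keyed per (org, flow): derived from the per-flow salt, so shredding the salt kills the key.
        return hmac.new(flow["salt"], f"vault:{self.org}".encode(), hashlib.sha256).digest()

    def mask(self, flow_id: str, text: str) -> str:
        """Detect + tokenize: same value -> same token within a flow, a different one elsewhere."""
        flow = self._live(flow_id)
        key = self._vault_key(flow)
        def replace(m):
            value = m.group(0)
            digest = hmac.new(flow["salt"], value.encode(), hashlib.sha256).hexdigest()[:8].upper()
            token = f"<TRT::pii_email::{digest}>"
            if token not in flow["vault"]:
                flow["vault"][token] = seal(key, value.encode())
                flow["manifest"].append({"token": token, "category": "pii_email"})
            return token
        return EMAIL_RE.sub(replace, text)

    def unmask(self, flow_id: str, text: str, egress: str) -> str:
        """Restore plaintext only for allow-listed egress; otherwise the tokens stay."""
        if egress not in self.allowed_egress:
            return text
        flow = self._live(flow_id)
        key = self._vault_key(flow)
        def restore(m):
            blob = flow["vault"].get(m.group(0))
            return open_blob(key, blob).decode() if blob else m.group(0)
        return TOKEN_RE.sub(restore, text)

    def manifest_hash(self, flow_id: str) -> str:
        """Hash over issued tokens and categories only; survives a shred, exposes no plaintext."""
        canonical = json.dumps(self.flows[flow_id]["manifest"], sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()

    def shred(self, flow_id: str) -> dict:
        """Crypto-shred: drop the salt. Returns the orphaned blobs to show they are now useless."""
        flow = self._live(flow_id)
        flow["salt"] = None
        return dict(flow["vault"])

if __name__ == "__main__":
    proxy = MaskingProxy("acme-demo", {"egress:ticketing"})  # constructed org and egress names
    flow = proxy.open_flow()
    masked = proxy.mask(flow, "Email jane@acme.com re: invoice")  # constructed prompt
    print(masked)                                                    # what the provider sees
    print(proxy.unmask(flow, masked, "egress:ticketing"))            # allow-listed egress
    print(proxy.unmask(flow, masked, "egress:slack"))                # denied: tokens remain
    print(proxy.manifest_hash(flow), len(proxy.shred(flow)), "blobs orphaned")
```

Two details carry the security argument. The token digest and the vault key are both derived from the flow salt, so a provider-side prompt log plus a stolen copy of the vault still yields nothing once the salt is gone. And the manifest records tokens and categories but never values, which is why it can be hashed into a receipt and shown to an auditor.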

Mask one real prompt with us, end to end.

We’ll tokenize live PII before it hits the provider, show the agent reasoning on the tokens, restore the original at egress, and crypto-shred the flow on demand.