CyberCage
CyberCage Blog
pii data-protection devtools ai-security

PII Detection: Protect the Work, Don't Interrupt the Builder

Automatically detect and redact sensitive data before it reaches Claude, ChatGPT, or GitHub Copilot. On-device ML powered detection for text and images.

By CyberCage Team
PII Detection: Protect the Work, Don't Interrupt the Builder

We just shipped PII detection for CyberCage.

The idea: builders move fast, copy-paste doesn’t think. Sometimes sensitive stuff ends up in AI tools — SSNs, API keys, customer data. Not intentional, just momentum.

We built something that catches it before it leaves the machine.

What We Shipped

PII detection that runs before content reaches AI providers. Text and images. All processed on the user’s device.

Text Detection

Built-in patterns:

  • Social Security Numbers
  • Credit card numbers
  • Phone numbers (international formats)
  • Email addresses
  • Physical addresses
  • AWS access keys (AKIA…)
  • GitHub tokens (ghp_…)
  • OpenAI API keys (sk-…)
  • Private keys and database credentials

Custom rules:

  • Your own regex patterns
  • Keyword lists
  • Project names, customer identifiers, whatever you need

Image Analysis

We detect and redact PII directly from images. On-device processing — data never leaves your computer.

ML powered detection runs locally. Nothing gets sent anywhere for scanning.

What Happens When Something’s Detected

Three options per rule:

  • Log — Record it, let it through (good for getting baseline visibility)
  • Block — Stop the request, tell the user why
  • Redact — Replace sensitive bits with placeholders, send the rest

Redaction is the sweet spot for many teams. The question still goes through, minus the PII. Builder stays in flow.

Supported Providers

Works with:

  • Claude Web (claude.ai)
  • ChatGPT (chatgpt.com)
  • GitHub Copilot
  • x.AI / Grok

Different rules for different providers if you want.

Example

Builder pastes a support ticket into Claude to help draft a response:

Customer: John Smith
Email: john.smith@example.com
SSN: 123-45-6789
Issue: Can't access account

With redaction enabled, it gets sent as:

Customer: [NAME]
Email: [EMAIL]
SSN: [SSN]
Issue: Can't access account

Builder gets their AI help. Sensitive data stays local. Flow uninterrupted.

Configuration

Dashboard:

Content Rules → Create:
  Name: SSN Detection
  Pattern: \d{3}-\d{2}-\d{4}
  Severity: High
  Action: Redact

We include templates for common patterns. Start there, customize as needed.

Getting Started

  1. Enable content rules in dashboard
  2. Start with templates
  3. Add custom patterns for your org
  4. Begin with logging, tighten controls over time

Starting with log-only is smart. See what actually gets flagged before you start blocking or redacting.

The Philosophy

Builders create beautiful things when they’re in flow. Every interruption costs momentum.

Protection shouldn’t mean friction. The best security is the kind people don’t notice — it just works in the background, catching things before they become problems.

Let builders build. We’ll handle the rest.

Ready to try it? Check out the Network Inspection setup guide — PII detection is part of the same setup.

Questions? contact@cybercage.io