Shield · PII protection.
Automatic PII detection and redaction across prompts and responses. Credit cards, SSNs, medical records, and custom patterns — caught before they leak. AI-safe redaction preserves semantic meaning while stripping sensitive data.
What it catches
- Identifiers — SSNs, SINs, EU VAT numbers, US driver's license numbers, passport numbers, tax IDs
- Financial — credit cards (Luhn-validated), bank accounts, IBAN, routing numbers
- Health — ICD-10 codes, medical record numbers, US-NPI provider IDs (HIPAA-aware)
- Contact — email addresses, phone numbers (E.164), street addresses, geocoordinates
- Custom patterns — your own regex / NER / classifier models for domain-specific fields
How it rewrites
Two modes:
- Token replacement — deterministic mapping (same input maps to the same token across the session). Preserves coreference; the model can still reason about "the customer" without seeing the name.
- Type-only erasure — replace with the type label ([CREDIT_CARD], [EMAIL]). Use when correlation across requests would itself be sensitive.
Either way the model gets enough signal to answer; your data does not leak.
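The two modes above, sketched as an added example that is not Shield's own code: the `Redactor` class, both regexes and the HMAC-based token format are assumptions made for illustration. Token mode keys an HMAC with a per-session secret so that one value always yields one token within a session, while type mode emits only the label.

```python
import hashlib
import hmac
import re
import secrets

# Constructed patterns for two of the listed categories; not Shield's own rules.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class Redactor:
    """Hypothetical session-scoped redactor with the two modes described above."""

    def __init__(self, mode: str = "token", session_key: bytes = b""):
        if mode not in ("token", "type"):
            raise ValueError("mode must be 'token' or 'type'")
        self.mode = mode
        # A per-session secret keeps tokens stable inside one session and
        # unlinkable (and not guessable by offline hashing) across sessions.
        self.key = session_key or secrets.token_bytes(32)

    def _label(self, kind: str, value: str) -> str:
        if self.mode == "type":
            return f"[{kind}]"
        tag = hmac.new(self.key, value.encode(), hashlib.sha256).hexdigest()[:8]
        return f"[{kind}_{tag}]"

    def redact(self, text: str) -> str:
        def card(m: re.Match) -> str:
            raw = m.group(0)
            if not luhn_ok(raw):
                return raw  # fails Luhn (e.g. an order number): left untouched
            return self._label("CREDIT_CARD", re.sub(r"\D", "", raw))

        text = CARD_RE.sub(card, text)
        return EMAIL_RE.sub(lambda m: self._label("EMAIL", m.group(0).lower()), text)
```

Card numbers are normalized to digits before tokenizing, so the same card written with spaces or hyphens maps to one token and coreference survives.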
Inline at the gateway
Shield runs as a phase in the gateway pipeline, before dispatch. The redacted payload is what the upstream model sees. The original is hashed but not stored unless your administrator opts in to debug capture.
What you see
The dashboard's Inspector tab shows redaction events on every relevant request. You see what type was redacted, how many tokens were replaced, and the policy that triggered it. The original is never displayed.
Compliance posture
- HIPAA — Shield's PHI classifier is calibrated to the HHS Safe Harbor de-identification standard
- GDPR — pseudonymization-grade tokenization meets the GDPR Article 4 standard for processed personal data
- PCI-DSS — PAN redaction prior to model dispatch removes scope from the AI subsystem
Adjacent reading
- Gateway — where Shield runs in the request lifecycle
- Security posture — full compliance + tamper-resistance story
- Policy language — how to express custom redaction rules