Identity Guard
·
Privacy Inspector
Sensitive values are tokenized in your browser before they reach the model — restored only locally.
protected token (what the model sees)
restored value (only on your device)
Theme
Venice
Venice Light
Terminal
◈ POC status
Checkpoints A·B done · C/D/E partial · 136 tests green · 4 PII types · collapse me for the demo →
Progress
A — redaction engine
done
B — mock POC + inspector
done
C — real-stream (gpt-5.5)
partial
D — evals / perf / privacy
D1·D3·D4a
E — contextual model spike
design
Tests
136 green
PII filtered now
Email
on
US SSN (validated)
on
API keys / secrets (9 prefixes)
on
Payment card (Luhn)
flagged
Phone · URL · names · addresses
deferred
Detector evals (synthetic corpus)
Precision / Recall / F1
1.00
False positives / 1k
0
Exact span boundary
1.00
Categories scored
EMAIL·SSN·API_KEY·CARD
Model protocol (gpt-5.5)
Token preservation
100%
Hidden-value leakage
0%
Unnecessary refusals
0%
Task success vs off
+38%
Performance
protect() p99 @ 50 KB
~0.42 ms
Catastrophic backtracking
none
Redaction core (gzip)
~4.4 KB
Runtime dependencies
0
Guarantees
Fail-closed on detector error
✓
Exact vault-keyed restore only
✓
Vault in-memory, never serialized
✓
Multi-turn re-protection
✓
Identity Guard
ON
New conversation
▍ streaming…
Model
gpt-5.5
Real-world examples — the model helps, but never sees the secret
🔑 API key → .env one-liner
✉️ Email → git config
🆔 SSN → curl request
💳 Card → file write
Adversarial / limit cases — the model can’t see the value, so it should refuse, not guess
🚫 Acrostic from my SSN
🚫 Domain of my email
🚫 Last 4 of my card
🚫 Spell out my API key
Send
Privacy Inspector
— per turn: what crosses the wire, and what came back