We’ve written about how to prevent logging sensitive information when making
network requests, but that approach only works if you’re dealing with
parameters.
What happens when you’re dealing with free text? Filtering the entire string may
not be an option if an external API needs to process the value. Think chatbots or LLMs.
You could use a regex to filter sensitive information (such as credit card
numbers or emails), but that won’t capture everything, since not all sensitive
information can be captured with a regex.
Fortunately, named-entity recognition (NER) can be used to identify and
classify real-world objects, such as a person, or location. Tools like MITIE
Ruby make interfacing with NER models trivial.
By using a combination of regex patterns and NER entities, Top Secret
effectively filters sensitive information from free text—here are some
real-world examples.
If you want to see Top Secret in action, you might enjoy this live
stream. Otherwise, see the examples below.
Working with LLMs
It’s not uncommon to send user data to chatbots. Since the data might be
free-form, we should be diligent about filtering it using the approach mentioned
above.
However, it’s likely we’ll want to “restore” the filtered values when returning
a response from the chatbot. Top Secret returns a mapping that would
allow for this.
You’d likely want to provide instructions in the request.
instructions = <<~TEXT
I'm going to send filtered information to you in the form of free text.
If you need to refer to the filtered information in a response, just reference it by the filter.
TEXT
The exchange might look something like this.
-
Caller sends filtered text
result = TopSecret::Text.filter("Ralph lives in Boston.") # Send this to the API result.output # => [PERSON_1] lives in [LOCATION_1]. # Save the mapping to "restore" response mapping = result.mapping # => { PERSON_1: "Ralph", LOCATION_1: "Boston" } -
API responds with filter
"Hi [PERSON_1]! How is the weather in [LOCATION_1] today?" -
Caller can “restore” from the mapping
response = "Hi [PERSON_1]! How is the weather in [LOCATION_1] today?" # Restore the response from the mapping result = TopSecret::FilteredText.restore(response, mapping: mapping) result.output # => Hi Ralph! How is the weather in Boston today?
Filtering conversation history
When working with conversation state you should filter every message
before including it in the request. This ensures no sensitive data slips through
from previous messages. Here’s what that might look like.
require "openai"
require "top_secret"
openai = OpenAI::Client.new(
api_key: Rails.application.credentials.openai.api_key!
)
original_messages = [
"Ralph lives in Boston.",
"You can reach them at ralph@thoughtbot.com or 877-976-2687"
]
# Filter all messages
result = TopSecret::Text.filter_all(original_messages)
filtered_messages = result.items.map(&:output)
user_messages = filtered_messages.map { {role: "user", content: it} }
# Instruct LLM how to handle filtered messages
instructions = <<~TEXT
I'm going to send filtered information to you in the form of free text.
If you need to refer to the filtered information in a response, just reference it by the filter.
TEXT
messages = [
{role: "system", content: instructions},
*user_messages
]
chat_completion = openai.chat.completions.create(messages:, model: :"gpt-5")
response = chat_completion.choices.last.message.content
# Restore the response from the mapping
mapping = result.mapping
restored_response = TopSecret::FilteredText.restore(response, mapping:).output
puts(restored_response)
Prevent storing sensitive information with validations
Top Secret can also be used as a validation tool to prevent storing sensitive
information in your database.
class Message < ApplicationRecord
validate :content_cannot_contain_sensitive_information
private
def content_cannot_contain_sensitive_information
result = TopSecret::Text.filter(content)
return if result.mapping.empty?
errors.add(:content, "contains the following sensitive information #{result.mapping.values.to_sentence}")
end
end
If the validation is too strict, you can override or disable any of
the filters as needed.
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -4,7 +4,7 @@ class Message < ApplicationRecord
private
def content_cannot_contain_sensitive_information
- result = TopSecret::Text.filter(content)
+ result = TopSecret::Text.filter(content, people_filter: nil, location_filter: nil)
return if result.mapping.empty?
errors.add(:content, "contains the following sensitive information #{result.mapping.values.to_sentence}")
Wrapping up
It’s our responsibility to protect user data. This is more important than ever
given the rise in popularity of chatbots and LLMs. Tools like Top Secret aim to
reduce this burden.
