Every time you send a support ticket, log file, or user message to an LLM API, you're potentially leaking emails, phone numbers, credit card numbers, API keys, and more to a third party. Most developers know this is a problem. Most do nothing about it because building a sanitization layer from scratch is annoying.
I built Airlock to solve this.
What it does
Airlock runs locally before your LLM call. It:
- Redacts PII — emails, phone numbers, SSNs, credit cards, API keys, JWTs, env secrets, names, and locations
- Preserves context — replaces values with consistent pseudonyms (john@example.com → user_a1b2@redacted.local), so the same value always maps to the same alias within a session and your LLM response still makes sense
- Compresses tokens — strips redundant whitespace, repeated keys, and boilerplate. Typical JSON payloads see 30–60% token reduction
- Keeps an audit ledger — every redaction is logged to a local SQLite database for compliance
No network calls. Nothing leaves your machine.
Install
Python:
pip install airlock-rs
Rust CLI:
cargo install airlock-rs
Usage
import airlock
data = {
    "user": "john@example.com",
    "message": "My SSN is 123-45-6789 and my API key is sk-abc123xyz"
}
result = airlock.scrub(data)
print(result.scrubbed)
# {"user": "user_a1b2@redacted.local", "message": "My SSN is [SSN] and my API key is [API_KEY]"}
print(f"Tokens saved: {result.tokens_saved}")
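The consistent-pseudonym behaviour listed under "What it does" can be sketched as follows. This is an added example, not Airlock's code or its algorithm: the `AliasSession` class, the HMAC-SHA-256 construction with a random per-session key, and the email-only regex are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Deliberately simple email pattern for the demo; production detectors need more.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ALIAS_DOMAIN = "@redacted.local"


class AliasSession:
    """Hypothetical helper: stable email aliases for the life of one session."""

    def __init__(self, key=None):
        # A random per-session key means aliases cannot be linked across
        # sessions or recomputed by hashing guessed addresses.
        self._key = key or secrets.token_bytes(32)
        self._owner = {}  # alias -> normalized original, never leaves the process

    def alias(self, email):
        # Assumption: addresses are compared case-insensitively.
        value = email.strip().lower()
        digest = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        # Start with a short tag; lengthen it if another value already owns it.
        for n in range(8, len(digest) + 1):
            candidate = f"user_{digest[:n]}{ALIAS_DOMAIN}"
            if self._owner.setdefault(candidate, value) == value:
                return candidate
        raise RuntimeError("could not derive a unique alias")

    def scrub(self, text):
        def replace(match):
            found = match.group(0)
            # Leave existing aliases alone so scrubbing twice is a no-op.
            if found.lower().endswith(ALIAS_DOMAIN):
                return found
            return self.alias(found)
        return EMAIL_RE.sub(replace, text)


if __name__ == "__main__":
    session = AliasSession()
    print(session.scrub("john@example.com wrote; reply to John@Example.com"))
```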
Why this matters
LLM APIs are external services. Even if you trust the provider, you may be subject to GDPR, HIPAA, SOC 2, or other compliance requirements that prohibit sending personal data to third parties without explicit consent.
Airlock gives you a local firewall you can drop in before any API call — OpenAI, Anthropic, local models, whatever.
CLI usage
echo '{"email": "jane@example.com", "note": "call her back"}' | airlock scrub
airlock scrub --input data.json --output scrubbed.json
Open source
Airlock is open source under Apache 2.0. The core is written in Rust for performance and ships as a zero-dependency binary. The Python bindings are built with PyO3.
- GitHub: https://github.com/OxideOps/airlock
- PyPI: https://pypi.org/project/airlock-rs
- crates.io: https://crates.io/crates/airlock-rs
Would love feedback — especially on the token compression side, since that's the part that varies the most by use case.