
How to redact PII from MCP before LLM invocation?

Discover how to redact PII from MCP before LLM invocation. Our step-by-step guide covers identifying risks, implementing Python redaction, and secure testing.

Matt Graham, CEO of Rapid Developers


 

Step 1: Understand the Importance of Redacting PII

 

To effectively redact PII (Personally Identifiable Information) from MCP (Model Context Protocol), it is crucial to first understand what PII entails. PII can include names, addresses, phone numbers, social security numbers, and other data that can identify an individual. Redacting PII is important to ensure privacy and security when invoking a Large Language Model (LLM) such as Claude.

 

Step 2: Identify PII within the MCP Context

 

Before invoking the LLM, developers must identify and isolate any PII present in the MCP components, specifically:

 

  • System Instructions: Check if any PII is inadvertently included.
  • User Profile: Specifically scrutinize this section for user-related PII.
  • Document Context: Ensure no documents contain PII.
  • Active Tasks/Goals: Verify that tasks and goals do not include PII.
  • Tool Access Logs: These should not log or expose PII.

 

Step 3: Implement a Redaction Mechanism

 

To effectively redact PII, implement a system that identifies and masks this information in your data processing pipeline. Here is a basic example using Python regular expressions to redact PII:


import re

def redact_pii(text):
    # Redact email addresses (the dot before the TLD is escaped so it matches a literal ".")
    text = re.sub(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b', '[REDACTED]', text)

    # Redact phone numbers (3-3-4 digits with an optional "-", "." or space separator)
    text = re.sub(r'\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b', '[REDACTED]', text)

    # Redact social security numbers
    text = re.sub(r'\b\d{3}-\d{2}-\d{4}\b', '[REDACTED]', text)

    # Add more patterns as necessary
    return text

# Test the redaction function
# user@example.com is a placeholder address
example_text = "Contact me at user@example.com or 123-456-7890."
redacted_text = redact_pii(example_text)
print(redacted_text)  # Contact me at [REDACTED] or [REDACTED].

 

Step 4: Integrate Redaction in MCP Workflow

 

Integrate the redaction function into your MCP setup so that every part of the context is processed before it is sent to the LLM:


def process_mcp_context(mcp_context):
    # Redact PII from each relevant part (uses redact_pii from Step 3)
    mcp_context['System Instructions'] = redact_pii(mcp_context.get('System Instructions', ''))
    mcp_context['User Profile'] = redact_pii(mcp_context.get('User Profile', ''))
    mcp_context['Document Context'] = redact_pii(mcp_context.get('Document Context', ''))
    mcp_context['Active Tasks'] = redact_pii(mcp_context.get('Active Tasks', ''))
    # Ensure any logs are free of PII
    return mcp_context

# Example MCP context
# Note: the regex patterns in redact_pii match the phone number below,
# but not names such as "John Doe"; names need their own pattern or list.
mcp_context = {
    'System Instructions': "You are a helpful assistant for John Doe.",
    'User Profile': "John Doe, call 555-555-5555",
    'Document Context': "Please review John's document.",
    'Active Tasks': "Help John with his tasks."
}

# Process context before LLM invocation
processed_context = process_mcp_context(mcp_context)

 

Step 5: Verify Redaction and Testing

 

Once you’ve implemented the redaction, thoroughly test it to ensure no PII slips through. Verification can involve:

 

  • Unit Testing: Create tests to ensure redaction is applied correctly.
  • Peer Review: Have other developers review the redaction logic.
  • Continuous Monitoring: Set up logs to monitor for any PII exposure post-redaction.
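
A verification gate for this step, as an added example that is not code from the original page: it re-scans the redacted context and reports only the field path and PII category, never the matched value, so the monitoring log itself stays clean. It goes beyond the flat dictionary of Step 4 by walking nested dicts and lists, and it shows that regex-only redaction leaves names behind. The helper names `redact` and `find_residual_pii`, the `known_identifiers` parameter and the sample context are assumptions made for illustration.

```python
import re

# Hypothetical helpers; detectors mirror the tutorial's three categories, not a full PII taxonomy.
DETECTORS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b"),
}

def redact(value, known_identifiers=()):
    """Recursively redact strings in nested dicts/lists, using typed placeholders."""
    if isinstance(value, dict):
        return {k: redact(v, known_identifiers) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, known_identifiers) for v in value]
    if not isinstance(value, str):
        return value
    for label, rx in DETECTORS.items():
        value = rx.sub(f"[REDACTED_{label.upper()}]", value)
    for ident in known_identifiers:  # e.g. the account holder's name from your user store
        value = re.sub(re.escape(ident), "[REDACTED_NAME]", value, flags=re.IGNORECASE)
    return value

def find_residual_pii(value, known_identifiers=(), path="$"):
    """Return (path, category) pairs for anything still matching; never the matched text."""
    findings = []
    if isinstance(value, dict):
        for k, v in value.items():
            findings += find_residual_pii(v, known_identifiers, f"{path}.{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            findings += find_residual_pii(v, known_identifiers, f"{path}[{i}]")
    elif isinstance(value, str):
        findings += [(path, label) for label, rx in DETECTORS.items() if rx.search(value)]
        if any(ident.lower() in value.lower() for ident in known_identifiers):
            findings.append((path, "name"))
    return findings

# Constructed sample context (nested, unlike the flat dictionary in Step 4).
SAMPLE = {
    "User Profile": {"name": "John Doe", "contact": ["555-555-5555", "jdoe@example.com"]},
    "Active Tasks": ["Help John Doe renew ID 123-45-6789."],
}
regex_only = redact(SAMPLE)                            # patterns only
full = redact(SAMPLE, known_identifiers=["John Doe"])  # patterns plus known names
print(find_residual_pii(regex_only, ["John Doe"]))     # names still flagged
print(find_residual_pii(full, ["John Doe"]))           # nothing left to flag
```

In a pipeline, a non-empty result from `find_residual_pii` should block the LLM call rather than only log a warning.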

 

Step 6: Maintain and Update Redaction Logic

 

As new types of PII or changes in your MCP requirements arise, update your redaction logic accordingly. Regular audits and updates ensure ongoing compliance and protection of user data.
