BREACH BRIEF · 🟢 Low Advisory

Open-source Kiji Privacy Proxy Masks PII Before Enterprise Prompts Reach External AI Services

Dataiku’s Kiji Privacy Proxy intercepts and redacts personally identifiable information in requests to external large‑language‑model APIs, helping organizations stay compliant with GDPR, HIPAA, and CCPA while maintaining low latency.

LiveThreat™ Intelligence · 📅 May 01, 2026 · 📰 helpnetsecurity.com

  • Severity: 🟢 Low
  • Type: Advisory
  • Confidence: 🎯 High
  • Affected: 🏢 3 sector(s)
  • Actions: 3 recommended
  • Source: 📰 helpnetsecurity.com

What Happened — Dataiku released Kiji Privacy Proxy, an open‑source gateway that intercepts requests to external large‑language‑model APIs and automatically redacts 16+ categories of personally identifiable information (PII). The tool replaces detected PII with realistic dummy values, forwards the sanitized request, then restores the original data in the response.

Why It Matters for TPRM

  • Prevents inadvertent transfer of regulated data (GDPR, HIPAA, CCPA) to third‑party AI providers.
  • Reduces legal and compliance exposure for vendors that embed LLM calls in customer‑facing applications.
  • Provides a low‑latency, on‑premise solution that can be deployed across macOS, Linux, and browsers, supporting diverse enterprise environments.

Who Is Affected — Technology SaaS vendors, cloud‑hosted application providers, and any organization that integrates external LLM APIs into customer‑oriented workflows (e.g., support bots, analytics platforms).

Recommended Actions

  • Evaluate whether your current AI integration pipeline includes a sanitization layer; if not, pilot Kiji or a comparable solution.
  • Update data‑handling policies to require PII masking before any outbound LLM request.
  • Conduct a compliance review to confirm that masked data meets GDPR, HIPAA, and CCPA obligations.

Technical Notes — Kiji uses a quantized DistilBERT model executed via ONNX Runtime on the client machine; detection runs locally with no external calls, achieving ~94% F1 on benchmark data and sub‑100 ms latency. Distribution formats include an Electron desktop app (macOS), a standalone server binary (Linux), and a Chrome extension for browser‑based interactions. Source: https://www.helpnetsecurity.com/2026/05/01/open-source-pii-privacy-proxy/
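The mask‑forward‑restore round trip described in What Happened and the Technical Notes, as an added illustration that is not Kiji's own code: regex detectors stand in for the DistilBERT model, `fake_llm` stands in for the external API, and every name below is an assumption.

```python
import re

# Constructed regex detectors used here in place of the NER model (assumption:
# Kiji itself runs a quantized DistilBERT model, not these patterns).
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}


def dummy_value(category, n):
    """Well-formed stand-in for the n-th distinct PII value (constructed values)."""
    if category == "EMAIL":
        return f"user{n}@example.com"
    if category == "SSN":
        return f"900-00-{n:04d}"
    return f"555-555-{n:04d}"


class PrivacySession:
    """One request/response round trip: mask on the way out, restore on the way back."""

    def __init__(self):
        self.forward = {}  # original PII -> dummy (same value always gets same dummy)
        self.reverse = {}  # dummy -> original PII

    def mask(self, text):
        for category, pattern in DETECTORS.items():
            def swap(m):
                original = m.group(0)
                if original not in self.forward:
                    dummy = dummy_value(category, len(self.forward) + 1)
                    self.forward[original] = dummy
                    self.reverse[dummy] = original
                return self.forward[original]
            text = pattern.sub(swap, text)
        return text

    def restore(self, text):
        # Longest dummies first so a shorter one never clobbers part of a longer one.
        for dummy in sorted(self.reverse, key=len, reverse=True):
            text = text.replace(dummy, self.reverse[dummy])
        return text


def fake_llm(prompt):
    """Stand-in for the external API: echoes back the contact details it was given."""
    found = re.findall(r"[\w.+-]+@[\w.-]+|\d{3}-\d{2,3}-\d{4}", prompt)
    return "Contact " + ", ".join(found) if found else "No contacts."


def proxied_call(prompt, llm=fake_llm):
    """Returns (what the provider actually saw, the reply with real PII restored)."""
    session = PrivacySession()
    sanitized = session.mask(prompt)
    return sanitized, session.restore(llm(sanitized))
```

The first return value is what leaves the perimeter and is the thing to log and audit; the second is what the application sees.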

📰 Original Source
https://www.helpnetsecurity.com/2026/05/01/open-source-pii-privacy-proxy/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
