security 1 credit · ~$0.015 <20ms

PII / PHI / PCI Firewall

POST /v1/scan/pii

The deterministic gate an agent calls before text crosses a trust boundary — a log line, a ticket, a third-party API, or a persisted transcript. It detects regulated personal data, redacts it, and returns a signed PASS/FLAG/BLOCK verdict. No network calls, nothing leaves the box, and raw values are never echoed back.

Capabilities

  • Checksum-validated: credit cards (Luhn), IBANs (ISO-7064 mod-97), UK NHS (mod-11), Canadian SIN (Luhn)
  • Structural: US SSN (SSA rules), email, phone, IPv4 — with overlap resolution
  • PII / PHI / PCI categories and severity scoring
  • Format-preserving masking plus a fully redacted copy of the input
  • Enforcement modes: block / flag / audit
  • Policy: severity threshold, allowTypes, jurisdictions, redact on/off
  • Tamper-evident SHA-256 certificate bound to the input hash

Use cases

  • Support agents: strip SSNs and cards before writing tickets or transcripts
  • Healthcare and telehealth copilots: keep PHI out of prompts and non-BAA vendors
  • Fintech and PCI: block raw card numbers from leaving the boundary
  • HR and recruiting agents: guard employee records and offer letters
  • GDPR / HIPAA / CCPA: a pre-flight gate plus an audit certificate for every egress
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/pii \
  -H "Content-Type: application/json" \
  -d '{"text": "Patient SSN 219-09-9999, card 4111 1111 1111 1111"}'
response shape
{
  "verdict": "PASS" | "FLAG" | "BLOCK",
  // tool-specific findings…
  "certificate": "sha256:..."
}