Philterd

Talk to an Expert

Tell us about your stack and the privacy problems you're trying to solve. We typically respond within one business day.

Prefer to skip the form? Pick a time on our calendar →
or send a message

← All posts

Beyond Regex: Why General LLMs Fail at PII Discovery

By AI · LLMs · Philter

Regex was never meant for the messy reality of human language. It's great at finding a 10-digit number that looks like a phone identifier, but it's famously terrible at telling you why that number exists. On the flip side, we're now seeing companies try to throw massive, general-purpose LLMs at the problem. Those models are incredible conversationalists — but using them for PII discovery is like using a sledgehammer for surgery.

At Philterd, we've found that the answer isn't choosing one over the other — it's a hybrid approach. Here is why "general" intelligence usually fails the privacy test, and how we combine traditional logic with specialized AI to get it right.

1. The context gap: "smart" isn't always "accurate"

General LLMs are trained to be helpful. They predict the most likely next word in a sequence based on a massive, broad dataset. But PII discovery requires a different kind of brain — one that understands the difference between a name and a noun in high-stakes environments.

Take the word "Apple." A general model has to navigate a world of possibilities: is it a fruit? A tech giant? Or is it the surname of a patient in a medical file? Because general models are tuned for a broad range of knowledge, they often miss the subtle linguistic cues that a specialized model picks up instantly.

In a clinical note, a general LLM might see "Huntington" and redact it as a person's name — whereas a specialized model recognizes it as part of "Huntington's Disease," a critical piece of medical context that must remain for the data to be useful.

2. The Philterd hybrid advantage: best of both worlds

We don't believe in the AI-only hype. Instead, Philterd uses a hybrid orchestration engine that layers traditional pattern matching with contextual AI:

  • The logic layer (regex and policy rules). For structured data like SSNs, credit card numbers, and standard ID formats, traditional logic is king. It is instantaneous, 100% deterministic, and requires almost zero compute. The Phileas library handles this layer.
  • The intelligence layer (specialized models). For unstructured text — where names, addresses, and sensitive conversations are buried in prose — our fine-tuned models take over, served via PhEye. The AI reads the sentence to ensure that "Jordan" is recognized as a person when it's a patient, but ignored when it's a country or a river.

By combining these, we achieve enterprise throughput: the blistering speed of regex for 80% of your data and the deep intelligence of an LLM for the complex 20%, all in a single pass.

3. The cost of over-redaction (data utility)

In the privacy world, we talk about data utility. If your redaction tool is a black box that scrubs everything it thinks might be sensitive, you end up with a dataset full of holes.

General models tend to hallucinate PII where it doesn't exist because they are over-eager. If you're trying to run analytics or train an internal AI, over-redaction is just as bad as a leak — it renders your data useless. We use Philter Scope to benchmark our hybrid engine and ensure we keep recall high without sacrificing the precision your data needs to stay functional for research.

4. The "GPU tax" and infrastructure bloat

If you want to run a general-purpose LLM at scale, you're looking at massive clusters of high-end GPUs. For most enterprises, the cost makes the project dead on arrival.

Because Philterd's approach is hybrid, it is resource-efficient. By handling the bulk of the heavy lifting with optimized logic and only invoking pruned, quantized models for the hard stuff, the entire suite runs on standard CPUs. You get human-level accuracy without a massive cloud bill — and without sending data to a third-party API.

5. Determinism vs. creativity

LLMs are probabilistic — they are designed to be creative. In PII discovery, creativity is a liability. You need a tool that is deterministic and repeatable.

Our hybrid model anchors the AI's imagination with rigid rules. If you redact a document twice, you get the same result every time. In a compliance audit, that consistency is the difference between passing and failing.

The bottom line

General LLMs are great for brainstorming, but they are tourists when it comes to PII. Specialized models, supported by a robust hybrid framework, are purpose-built for the high-stakes environment of compliance.

At Philterd, we didn't build a chatbot — we built a precision engine for privacy. We focus on the "boring" but vital work of keeping sensitive data private, infrastructure lean, and audits clean.

Want to see how the hybrid engine handles your data? Check out our Privacy AI lineup — or try Philter directly.