Redact PII before it reaches the LLM

Philter AI Proxy

Philter AI Proxy sits between your application and LLM providers like OpenAI and Anthropic Claude. Prompts get redacted before they leave your network; responses get scanned on the way back. Your existing code keeps working — point your client at the proxy URL and PII protection is automatic.

View on GitHub

Change one URL. Stop leaking PII to LLM providers.

# Before
client = OpenAI(api_key=KEY)

# After — just point at the proxy
client = OpenAI(
    api_key=KEY,
    base_url="https://philter-proxy.internal/v1"
)
# Same OpenAI client. PII redacted automatically.

Documentation → Release Notes → GitHub →

Why a proxy

Drop-in for major providers

Speaks the OpenAI, Anthropic, and Amazon Bedrock wire protocols. Your existing SDKs don't need a single line changed — only the base URL.

Inbound prompt redaction

Strips PII and PHI from prompts before they're forwarded to the model. Names, SSNs, MRNs, account numbers — all replaced according to your policy.

Outbound response scanning

Inspects model responses for sensitive content that leaked through. Block, redact, or flag — your policy, your call.

Audit log for compliance

Every redaction is logged with timestamp, entity type, and direction (in/out). The exact paper trail HIPAA and GDPR auditors expect for AI workloads.

Policy-driven

Uses the same Phileas policies as the rest of the Philterd toolkit. Define once; apply across redaction, discovery, monitoring, and now AI traffic.

Self-hosted

Runs inside your perimeter. The proxy is the last hop before LLM-bound traffic leaves your network — and the first hop on the way back.

Ready to use Philter AI Proxy?

Three ways to get going — deploy the open source yourself, spin it up from a cloud marketplace, or work with our team directly. Pick the path that fits.

See your options