Skip to main content

GPTfy Security Layers for Data Anonymization

GPTfy ensures that sensitive data is anonymized before it reaches AI models by using multi-layered security. These layers provide different strategies to mask personally identifiable information (PII) and maintain compliance with privacy standards.

What You Can Do:

  • Identify and anonymize sensitive data using both prebuilt and custom rules.
  • Apply anonymization strategies based on the field type (e.g., Email, Phone).
  • Mask data dynamically using Regular Expressions (Regex), blocklists, field logic, or custom Apex classes.
  • Audit and verify anonymization through Security Audit records.

GPTfy Security Layers Explained:

LayerDescriptionBest Use
Layer 1: Field Value BasedMasks entire field values based on field mapping (e.g., Email, Phone, Name).Email, Phone, Name fields
Layer 2: Format-Based (Regex)Masks specific patterns within long text fields using Regex (e.g., Emails, Phones, SSNs inside notes).Emails, Phones, SSNs inside long text
Layer 3: Blocklist-BasedMasks sensitive words or terms from long text using blocklists (e.g., Product names, Confidential IDs).Unstructured text
Layer 4: Apex-BasedExecutes custom Apex logic for complex or unmatched data patterns (e.g., custom rules for specialized data).Complex data masking

alt text

Note: Layers 2 and 3 operate on long text fields to mask specific strings within unstructured content.

Field-Level Controls for Regex Matching:

CheckboxFunctionalityBenefitsPotential Drawbacks
Match Complete WordAdds (?<=\s)(?=\s) to match whole words.Prevents partial matches within other words (e.g., avoids matching "cat" in "category").Might miss matches not surrounded by whitespace.
Ignore Special CharactersIgnores special characters at the start or end of a match (e.g., ., : ; {}).Allows flexible matching for inconsistently formatted data.Could result in unintended matches if special characters are meaningful.

Steps to Use Security Layers in Data Context Mapping:

  1. Access the Field Mapping Window:

    • Navigate to Data Context Mapping in the GPTfy Cockpit.
    • Select an object and click Field Mappings.

  2. Choose the Appropriate Security Layer:

    • For regular fields (e.g., Email, Phone), select Entire Value (Layer 1).
    • For long text fields, select Specific Patterns to activate Layers 2 and 3.

alt text

  1. Save Your Field Mapping:

    • After configuring masking layers and values, click Save.

  2. Activate the Prompt:

    • Apply the security layers by activating an existing prompt or creating a new one with the mapping.

alt text

  1. Run the Prompt:
    • Execute the prompt on any Salesforce record to trigger anonymization.

alt text

  1. Verify Anonymization in the Security Audit Record:
    • Open the linked Security Audit record to check:
      • Data (Original): The original field value.
      • Data (PII Removed): The masked value.

How Layer 4 (Apex Security Layer) Works:

The Apex Security Layer enables the creation of custom masking logic when other layers are insufficient. This is useful for complex data masking scenarios.

  1. Create a New Apex Class:
    Implement the interface AIApexSecurityLayerInterface.

  2. Define the Apex Security Layer:

    • Add the Apex class name to the new security layer and activate it.

  3. Activate the Layer in Data Context Mapping:

    • Select the new Apex Security Layer in the Data Context Mapping settings.

alt text

  1. Apex Class Example: 
    global class SampleApexSecurityLayerClass implements ccai.AIApexSecurityLayerInterface {
        global ccai.AIApexSecurityLayerDataWrapper getExtractData(ccai.AIApexSecurityLayerDataWrapper wrapper) {
            Map<String, String> pIIKey = (Map<String, String>)JSON.deserialize(wrapper.response.ccai__Data_PII_Key__c, Map<String, String>.class);
            pIIKey.put('489-36-83535566u', 'AP-0874-001');
            wrapper.response.ccai__Data_PII_Key__c = JSON.serialize(pIIKey);
            return wrapper;
        }
    }

alt text

Sample Example:

Original ValueMasked BySecurity Layer
34eSF-0179-022Layer 2 – Regex
12321SF-0174-001Layer 2 – Regex

GPTfy applies rules in a top-down approach. Larger values are prioritized before submatches.

Field Name: Description

Original ValueMasked BySecurity Layer
Contact at 489-36-83525566uAP-0874-001Layer 4 – Apex

Description 1: Includes sensitive text (489-36-83525566u) — masked by Apex layer.
Description 2: Regular masking (using Layer 2 or 3) applies first.

Name field: (Entire Value masking by Layer 1.)

Important: Apex logic is triggered after Layer 1, 2, and 3 if masking is still required.

alt text

Summary:

  • Use Layer 1 for complete field-level anonymization.
  • Use Layers 2 and 3 for inline masking within long text.
  • Use Layer 4 (Apex) when custom, complex masking is needed.
  • Customize Regex behavior using checkboxes to improve accuracy.
  • View and audit anonymization results directly in GPTfy’s security logs.

This multi-layered approach helps you stay compliant and confident in how your data is handled.