	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Google Gemini API > AI Output Redaction Agent

AI Output Redaction Agent

Author: Venkata Sudhakar

AI agents that query databases, documents, or CRM systems can inadvertently expose sensitive information in their responses - phone numbers, Aadhaar numbers, bank account details, or customer emails. An output redaction agent acts as a post-processing layer that intercepts every agent response, identifies sensitive patterns, and replaces them with masked tokens before the response reaches the end user.

The pattern combines regex-based detection for known patterns (phone numbers, emails, card numbers) with a Gemini-powered classifier for context-sensitive redaction (detecting names, addresses, and financial figures that regex alone would miss). The two-stage approach is fast - regex handles 90% of cases instantly, and Gemini only processes the remainder.

The below example shows ShopMax India redacting customer data from an agent response before it is logged or displayed to a third-party analytics dashboard.

import re
import google.genai as genai
from google.adk.agents import LlmAgent
from google.adk.tools import FunctionTool
from google.adk.sessions import InMemorySessionService
from google.adk.runners import Runner
from google.genai import types

client = genai.Client(api_key="your-api-key")

# Stage 1: Regex redaction for known patterns
PATTERNS = [
    (r"\b[6-9]\d{9}\b", "[PHONE]"),                        # Indian mobile
    (r"\b\d{4}[- ]?\d{4}[- ]?\d{4}\b", "[AADHAAR]"),     # Aadhaar
    (r"\b\d{16}\b", "[CARD]"),                             # Credit/debit card
    (r"[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}", "[EMAIL]"),
    (r"\b[A-Z]{5}[0-9]{4}[A-Z]\b", "[PAN]"),               # PAN card
]

def regex_redact(text: str) -> str:
    for pattern, replacement in PATTERNS:
        text = re.sub(pattern, replacement, text)
    return text

def gemini_redact(text: str) -> str:
    # Stage 2: Gemini catches what regex misses
    prompt = (
        "You are a data redaction assistant. Replace sensitive personal information\n"
        "in the text below with these tokens:\n"
        "- Full names: [NAME]\n"
        "- Street addresses: [ADDRESS]\n"
        "- Bank account numbers: [ACCOUNT]\n"
        "- IFSC codes: [IFSC]\n"
        "Do NOT change anything else. Return only the redacted text.\n\n"
        "Text: " + text
    )
    resp = client.models.generate_content(model="gemini-2.0-flash", contents=prompt)
    return resp.text.strip()

def redact_output(text: str) -> dict:
    # Two-stage redaction pipeline
    after_regex = regex_redact(text)
    after_gemini = gemini_redact(after_regex)
    return {
        "original_length": len(text),
        "redacted_text": after_gemini,
        "redacted_length": len(after_gemini)
    }

redact_tool = FunctionTool(func=redact_output)

# Simulated raw agent response with PII
raw_response = (
    "Customer Rajesh Kumar placed order ORD-4421. "
    "Contact: 9876543210, email: rajesh.kumar@gmail.com. "
    "Delivery to 42 MG Road, Bangalore 560001. "
    "Refund of Rs 72000 to account 50100234567890, IFSC HDFC0001234. "
    "PAN: ABCPK1234D, Aadhaar: 1234 5678 9012."
)

print("Original:")
print(raw_response)
print()

result = redact_output(raw_response)
print("Redacted:")
print(result["redacted_text"])

It gives the following output,

Original:
Customer Rajesh Kumar placed order ORD-4421. Contact: 9876543210,
email: [email protected]. Delivery to 42 MG Road, Bangalore 560001.
Refund of Rs 72000 to account 50100234567890, IFSC HDFC0001234.
PAN: ABCPK1234D, Aadhaar: 1234 5678 9012.

Redacted:
Customer [NAME] placed order ORD-4421. Contact: [PHONE],
email: [EMAIL]. Delivery to [ADDRESS].
Refund of Rs 72000 to account [ACCOUNT], IFSC [IFSC].
PAN: [PAN], Aadhaar: [AADHAAR].

Wrap this redaction pipeline as a middleware layer around every agent runner in your ShopMax India platform. Call redact_output on the final response text before returning it to any external system - analytics dashboards, chat logs, audit trails, or third-party integrations. Store the redaction mapping (original token to masked token) in a secure vault so authorised personnel can de-redact for legitimate investigations. Apply redaction asymmetrically: full redaction for external logs, partial redaction (last 4 digits only) for internal support dashboards where agents need enough context to help customers.

Send your comments, suggestions or queries regarding this site to [email protected].