Redact & Mask
Response redaction intercepts tool outputs and removes or masks sensitive data before it reaches the AI — and before it can appear in a conversation, log, or downstream system.
Built-in PII detection
Every Civic account includes automatic PII detection on all tool responses. The following types are detected and can be redacted:
| PII type | Examples |
|---|---|
| Social Security Numbers | 123-45-6789 |
| Credit card numbers | 4111 1111 1111 1111 |
| Email addresses | user@example.com |
| Phone numbers | International formats |
| IP addresses | IPv4 and IPv6 |
| Passport numbers | |
| Driver's license numbers | |
| Bank account numbers | IBAN format |
| Dates of birth | |
Detection is on by default. To enable automatic redaction (replacing detected values with [REDACTED]):
"Enable PII redaction for all responses on my Gmail server"
Remove specific fields
Strip named fields from every response a server returns — useful for internal metadata the AI doesn't need to see.
Example — remove internal IDs and audit fields from Salesforce responses:
"Remove the internal_id, created_by_id, and last_modified_by_id fields from all Salesforce responses"
{ "remove_fields": ["internal_id", "created_by_id", "last_modified_by_id"] }
Redact Prompt Injection from Responses
Removes prompt injection patterns from tool responses before they reach the AI. This guardrail targets injection payloads that may be embedded in external data — a malicious instruction inside an email, document, or database record that could hijack the agent's behavior.
"Enable prompt injection redaction on my Gmail server"
This complements Block Prompt Injection in Requests — that guardrail blocks injections going out; this one removes them from data coming in.
Redact by pattern
Block any response value matching a regex pattern.
Example — mask API keys that leaked into a tool response:
{ "redact_pattern": "sk-[a-zA-Z0-9]{32,}" }
What redaction looks like
The AI sees [REDACTED] in place of the matched value. The original data is never stored in the conversation or passed further downstream.
Original: { "email": "alice@example.com", "phone": "+1-555-867-5309" }
Redacted: { "email": "[REDACTED]", "phone": "[REDACTED]" }
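The remove_fields and redact_pattern rules shown above, applied to a parsed tool response. This is an added example, not Civic's implementation. It assumes fields are removed at every nesting depth and that only the matched substring is replaced; the function name, sample response and sample key are constructed.

```python
import json
import re

REDACTED = "[REDACTED]"


def redact_response(response, rules):
    """Apply remove_fields and redact_pattern rules to a parsed JSON response."""
    remove = set(rules.get("remove_fields", []))
    raw = rules.get("redact_pattern")
    pattern = re.compile(raw) if raw else None

    def walk(node):
        if isinstance(node, dict):
            # Assumption: named fields are dropped at every nesting depth.
            return {k: walk(v) for k, v in node.items() if k not in remove}
        if isinstance(node, list):
            return [walk(item) for item in node]
        if isinstance(node, str) and pattern is not None:
            # Assumption: only the matched substring is masked, not the whole value.
            return pattern.sub(REDACTED, node)
        return node  # numbers, booleans and null pass through unscanned

    return walk(response)  # builds a new structure; the input is not mutated


# Rules copied from the page; the response below is constructed sample data.
SAMPLE_RULES = {
    "remove_fields": ["internal_id", "created_by_id", "last_modified_by_id"],
    "redact_pattern": "sk-[a-zA-Z0-9]{32,}",
}
SAMPLE_RESPONSE = {
    "internal_id": "0015e00000AbCdE",
    "name": "Acme Corp",
    "notes": "Integration key: sk-" + "A1b2C3d4" * 4 + " (rotate soon)",
    "contacts": [
        {"name": "Alice", "created_by_id": "0055e000001XyZ", "token": "sk-short"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(redact_response(SAMPLE_RESPONSE, SAMPLE_RULES), indent=2))
```

The constructed value sk-short passes through unchanged because it has fewer than 32 characters after the prefix, so the quantifier in redact_pattern has to match the real key format.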
Why this matters
The AI can only expose what it can see. If a tool response contains a customer's SSN and PII redaction is active, the AI cannot quote it, summarize it, or write it to another system — because it never received it.
This is especially important for:
- Email and calendar servers that surface contact data
- CRM tools (Salesforce, HubSpot, Pipedrive) with customer PII
- Database queries that may return unexpected sensitive fields
- Support tools (Intercom, Zendesk) with end-user data
How to configure
Ask the Configurator Agent:
"Enable email address redaction on my HubSpot server"
"Remove the ssn and date_of_birth fields from all Salesforce contact responses"
Or configure via the Civic UI: open your toolkit → select the MCP server → Guardrails → Response → Add Redaction Rule.