Response redaction intercepts tool outputs and removes or masks sensitive data before it reaches the AI — and before it can appear in a conversation, log, or downstream system.

Built-in PII detection

Every Civic account includes automatic PII detection on all tool responses. The following types are detected and can be redacted:
| PII type | Examples |
| --- | --- |
| Social Security Numbers | 123-45-6789 |
| Credit card numbers | 4111 1111 1111 1111 |
| Email addresses | user@example.com |
| Phone numbers | International formats |
| IP addresses | IPv4 and IPv6 |
| Passport numbers | |
| Driver’s license numbers | |
| Bank account numbers | IBAN format |
| Dates of birth | |

Detection is on by default. To enable automatic redaction (replacing detected values with [REDACTED]):
“Enable PII redaction for all responses on my Gmail server”

Remove specific fields

Strip named fields from every response a server returns — useful for internal metadata the AI doesn’t need to see. Example — remove internal IDs and audit fields from Salesforce responses:
“Remove the internal_id, created_by_id, and last_modified_by_id fields from all Salesforce responses”
{ "remove_fields": ["internal_id", "created_by_id", "last_modified_by_id"] }

Redact Prompt Injection from Responses

Removes prompt injection patterns from tool responses before they reach the AI. This guardrail targets injection payloads that may be embedded in external data — a malicious instruction inside an email, document, or database record that could hijack the agent’s behavior.
“Enable prompt injection redaction on my Gmail server”
This complements Block Prompt Injection in Requests — that guardrail blocks injections going out; this one removes them from data coming in.

Redact by pattern

Redact any response value that matches a regex pattern. Example — mask API keys that leaked into a tool response:
{ "redact_pattern": "sk-[a-zA-Z0-9]{32,}" }

What redaction looks like

The AI sees [REDACTED] in place of the matched value. The original data is never stored in the conversation or passed further downstream.
Original:  { "email": "alice@example.com", "phone": "+1-555-867-5309" }
Redacted:  { "email": "[REDACTED]", "phone": "[REDACTED]" }
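
To check a field list and a pattern against a sample response before enabling them, the following added example (not Civic's implementation or code from this page) applies the `remove_fields` and `redact_pattern` rules shown above to decoded JSON and reports any value that still matches. It assumes that fields are removed at every nesting level and that only the matched substring is masked; the function names and sample record are hypothetical.

```python
import re

REDACTED = "[REDACTED]"

# Rule keys as shown on the page, merged into one dict for this sketch.
RULES = {
    "remove_fields": ["internal_id", "created_by_id", "last_modified_by_id"],
    "redact_pattern": "sk-[a-zA-Z0-9]{32,}",
}

FAKE_KEY = "sk-" + "A1b2" * 8  # constructed value, 32 characters after the prefix

# Constructed tool response; not real Salesforce output.
SAMPLE = {
    "internal_id": "a0X-001",
    "name": "Acme renewal",
    "owner": {"created_by_id": "005-17", "email": "alice@example.com"},
    "notes": f"rotate {FAKE_KEY} before Friday",
    "tags": ["sk-short", FAKE_KEY],
}


def apply_rules(node, rules):
    """Return a redacted copy of a decoded JSON value; the input is not modified."""
    drop = set(rules.get("remove_fields", []))
    pattern = re.compile(rules["redact_pattern"]) if rules.get("redact_pattern") else None

    def walk(n):
        if isinstance(n, dict):  # named fields are dropped at every nesting level
            return {k: walk(v) for k, v in n.items() if k not in drop}
        if isinstance(n, list):
            return [walk(v) for v in n]
        if isinstance(n, str) and pattern:  # assumption: only the matched substring is masked
            return pattern.sub(REDACTED, n)
        return n  # numbers, booleans and null pass through unchanged

    return walk(node)


def residual_matches(node, pattern, path="$"):
    """List JSON paths whose string value still matches pattern."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in residual_matches(v, pattern, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in residual_matches(v, pattern, f"{path}[{i}]")]
    return [path] if isinstance(node, str) and re.search(pattern, node) else []


if __name__ == "__main__":
    print(apply_rules(SAMPLE, RULES))
    print(residual_matches(SAMPLE, RULES["redact_pattern"]))
```

Running `residual_matches` on the redacted output should return an empty list; the `sk-short` tag stays because it is shorter than the 32 characters the pattern requires.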

Why this matters

The AI can only expose what it can see. If a tool response contains a customer’s SSN and PII redaction is active, the AI cannot quote it, summarize it, or write it to another system — because it never received it. This is especially important for:
  • Email and calendar servers that surface contact data
  • CRM tools (Salesforce, HubSpot, Pipedrive) with customer PII
  • Database queries that may return unexpected sensitive fields
  • Support tools (Intercom, Zendesk) with end-user data

How to configure

Ask the Configurator Agent:
“Enable email address redaction on my HubSpot server”
“Remove the ssn and date_of_birth fields from all Salesforce contact responses”
Or configure via the Civic UI: open your toolkit → select the MCP server → Guardrails → Response → Add Redaction Rule.