Use AI to protect sensitive information in requests

Uses: Kong Gateway AI Gateway decK
Tags
Minimum Version
Kong Gateway - 3.10
TL;DR

Start an AI PII Anonymizer service, and enable the AI Sanitizer plugin to use this service to anonymize the specified information.

Prerequisites

This is a Konnect tutorial and requires a Konnect personal access token.

  1. Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.

  2. Export your token to an environment variable:

     export KONNECT_TOKEN='YOUR_KONNECT_PAT'
    
    Copied to clipboard!
  3. Run the quickstart script to automatically provision a Control Plane and Data Plane, and configure your environment:

     curl -Ls https://get.konghq.com/quickstart | bash -s -- -k $KONNECT_TOKEN --deck-output
    
    Copied to clipboard!

    This sets up a Konnect Control Plane named quickstart, provisions a local Data Plane, and prints out the following environment variable exports:

     export DECK_KONNECT_TOKEN=$KONNECT_TOKEN
     export DECK_KONNECT_CONTROL_PLANE_NAME=quickstart
     export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com
     export KONNECT_PROXY_URL='http://localhost:8000'
    
    Copied to clipboard!

    Copy and paste these into your terminal to configure your session.

Start the Kong AI PII Anonymizer service

Make sure you have access to the AI PII service, then run the following command to start it locally with Docker:

docker run --platform linux/x86_64 -d --name pii-service -p 9000:8080 kong/ai-pii-service
Copied to clipboard!

Enable the AI Proxy plugin

Use the following command to enable the AI Proxy plugin configured with a chat route using OpenAI:

echo '
_format_version: "3.0"
plugins:
  - name: ai-proxy
    config:
      route_type: llm/v1/chat
      auth:
        header_name: Authorization
        header_value: Bearer ${{ env "DECK_OPENAI_API_KEY" }}
      model:
        provider: openai
        name: gpt-4
        options:
          max_tokens: 512
          temperature: 1.0
' | deck gateway apply -
Copied to clipboard!

Enable the AI Sanitizer plugin

Configure the AI Sanitizer plugin to use the AI PII Anonymizer service to anonymize general information and phone numbers:

echo '
_format_version: "3.0"
plugins:
  - name: ai-sanitizer
    config:
      anonymize:
      - phone
      - general
      port: 9000
      host: host.docker.internal
      redact_type: synthetic
      stop_on_error: true
      recover_redacted: false
' | deck gateway apply -
Copied to clipboard!

Validate

To validate, send a request that contains PII, for example:

 curl -X POST "$KONNECT_PROXY_URL/anything" \
     -H "Accept: application/json"\
     -H "Content-Type: application/json" \
     --json '{
       "messages": [
         {
           "role": "system",
           "content": "You are a helpful assistant. Please repeat the following information back to me."
         },
         {
           "role": "user",
           "content": "My name is John Doe, my phone number is 123-456-7890."
         }
       ]
     }'
Copied to clipboard!

If the plugin was configured correctly, you will received a response with all PII information scrubbed, for example:

Your name is Jesse Mason and your phone number is 001-204-028-1684x83574.

Cleanup

If you created a new control plane and want to conserve your free trial credits or avoid unnecessary charges, delete the new control plane used in this tutorial.

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!