Critical severity · intermediate · Fix: 15-30 min

ModelOutputPIILeakError

ai_security.errors.ModelOutputPIILeakError

What this error means
The AI model output contains sensitive personally identifiable information (PII) that should not be exposed in production environments.

Stack trace

```traceback
ai_security.errors.ModelOutputPIILeakError: Detected PII in model output: 'SSN: 123-45-6789'
  File "app.py", line 42, in generate_response
    response = client.chat.completions.create(...)
  File "ai_security/monitor.py", line 88, in check_pii
    raise ModelOutputPIILeakError("Detected PII in model output")
```

QUICK FIX
Add automated PII detection and redaction on all model outputs before returning them to users.

Why it happens

AI models sometimes generate outputs containing sensitive PII because training data or prompt context includes such data, or the model memorizes and reproduces it. Without explicit filtering or redaction, this leads to accidental data leaks.

Detection

Implement automated PII detection on model outputs before returning responses to users: scan for patterns such as SSNs, emails, and phone numbers, or use a specialized PII detection library.

Causes & fixes

1. Model memorized sensitive PII from training data and outputs it verbatim.

✓ Fix: Use privacy-preserving fine-tuning techniques and remove or mask PII from training datasets before model training.

2. Prompt includes user data or context that contains PII without redaction.

✓ Fix: Sanitize and redact all user inputs and context data before passing them to the model.

3. No output filtering or PII detection applied on model responses.

✓ Fix: Integrate automated PII detection and redaction pipelines on all model outputs before usage or display.

Code: broken vs fixed

Broken - triggers the error
```python
from openai import OpenAI
import os

client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Provide user info including SSN."}]
)
print(response.choices[0].message.content)  # This may leak PII
```

Fixed - works correctly
```python
from openai import OpenAI
import os
import re

client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

def redact_pii(text):
    # Simple regex to redact SSNs as example
    return re.sub(r"\b\d{3}-\d{2}-\d{4}\b", "[REDACTED_SSN]", text)

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Provide user info including SSN."}]
)
output = response.choices[0].message.content
safe_output = redact_pii(output)  # Redact PII before use
print(safe_output)  # PII redacted output
```

Added a PII redaction function that removes sensitive SSN patterns from the model output before printing, preventing PII leaks.

Workaround

Wrap model output handling in a try/except around a check that scans for PII patterns using regex or a PII detection library, and redact or block the output if PII is found.
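The Detection and Workaround sections describe scanning for several PII kinds and then redacting or blocking the output. The following is an added example, not code from the original page or from any library it names; the patterns, the block-on-SSN policy, and the names `guard_output`, `safe_reply`, `OutputBlockedError` and `REFUSAL` are assumptions made for illustration.

```python
import re
# Illustrative, US-centric patterns (assumption); regexes miss many PII forms.
PII_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
}
BLOCK_KINDS = frozenset({"SSN"})  # assumed policy: never return these, even redacted
REFUSAL = "The response was withheld because it contained sensitive data."

class OutputBlockedError(Exception):
    """Hypothetical local exception, standing in for the page's error class."""

def find_pii(text):
    """Return non-overlapping (start, end, kind) spans in document order."""
    spans = sorted((m.start(), m.end(), kind)
                   for kind, rx in PII_PATTERNS.items() for m in rx.finditer(text))
    kept, last_end = [], 0
    for start, end, kind in spans:
        if start >= last_end:  # drop a match that overlaps an earlier one
            kept.append((start, end, kind))
            last_end = end
    return kept

def guard_output(text):
    """Redact detected PII, or raise if a kind in BLOCK_KINDS is present."""
    spans = find_pii(text)
    blocked = sorted({kind for _, _, kind in spans if kind in BLOCK_KINDS})
    if blocked:
        # Name only the kind: the matched value must not reach logs or traces.
        raise OutputBlockedError(f"blocked PII kinds: {', '.join(blocked)}")
    parts, pos = [], 0
    for start, end, kind in spans:
        parts += [text[pos:start], f"[REDACTED_{kind}]"]
        pos = end
    parts.append(text[pos:])
    return "".join(parts), [kind for _, _, kind in spans]

def safe_reply(model_text):
    """The try/except workaround: fail closed with a fixed refusal message."""
    try:
        return guard_output(model_text)[0]
    except OutputBlockedError:
        return REFUSAL

if __name__ == "__main__":
    # Constructed sample outputs, not real data or real model responses.
    for sample in ("Mail jane.doe@example.com or call (555) 010-4477.", "SSN: 123-45-6789"):
        print(safe_reply(sample))
```

Unlike the stack trace shown earlier, the exception message here carries only the PII kind, so the guard does not copy the leaked value into logs.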

Prevention

Adopt a privacy-first architecture by removing PII from training data, sanitizing inputs, and enforcing output filtering with automated PII detection before any user-facing output.

Python 3.9+ · openai >=1.0.0 · tested on 1.5.x
Verified 2026-04