Content Controls and PII Detection
The platform governing GenAI solutions, detecting usage, mitigating risks, and controlling AI's access to enterprise data.
This guide explains how to configure Content Controls and PII Detection for public GenAI services. It is written for IT administrators and follows the same tone and structure used across SurePath AI docs.
What these features do
Content Controls inspect requests to public services for risky patterns such as harmful content, prompt injection, high‑risk heuristics, code, and potential confidential data. Based on policy, the system allows the request, warns the end user, modifies the content, or blocks the request. PII Detection focuses specifically on personally identifiable information and, with a single global action applied to enabled entities, can monitor, warn, redact, synthesize, or block. Content Controls and PII Detection operate independently and can be used together.
Where they apply
These controls apply to public services. For private models, enforcement is intentionally narrower: Harmful Content can warn and block, and Prompt Injection can warn but not block.
Actions and their effects
The following table compares how each action behaves at request time, what the end user sees, and what is recorded for administrators. "Warn" messages are tailored to the detection and can be customized.
Action | Request handling | End‑user experience | Admin visibility | Content example |
--- | --- | --- | --- | --- |
Ignore | No detection performed | No message | No event | n/a |
Monitor | Detected but not modified | No message | Violation logged | n/a |
Warn | Detected; request continues unchanged | Warning shown | Violation logged | n/a |
Tag | Offending content replaced with a label | Warning shown | Violation logged with labels | "John Smith" → "<PERSON_NAME>" |
Mask | Offending content replaced with *** | Warning shown | Violation logged | "123-45-6789" → "***" |
Delete | Offending content removed | Warning shown | Violation logged | "secret token abc" removed |
Synthesize | Offending content replaced with a synthetic value of the same type | Warning shown | Violation logged | "(415) 555‑0101" → "(206) 555‑0199" |
Block | Request is prevented from completing | Warning shown | Violation logged | n/a (Block is not available for High‑risk Request or Confidential Data) |
Every non‑Ignore detection creates a policy event that includes the control or entity type, the selected action, and any relevant labels (for example <PERSON_NAME> or <CODE_BLOCK>). These appear in audits and analytics.
Content Controls
Location: Default Policy - Sensitive Data tab - Content Controls section. For each content type, choose an action. Content Controls are independent from PII Detection.
High‑risk Request
High‑risk Request is a heuristic that aggregates multiple signals of elevated risk, such as exfiltration prompts or suspicious intent. Choose Ignore, Monitor, or Warn to set organizational posture; Block is not yet available. Use Monitor to build visibility without friction, or Warn to coach users while preserving productivity.
Confidential Data
Confidential Data indicates the request may include sensitive, private, or proprietary business information even when it is not a specific PII entity. Select Ignore, Monitor, or Warn; Block is not yet available. Warn is appropriate for knowledge‑worker scenarios, and pairing this control with PII Detection provides stronger defense‑in‑depth.
Programming Language (code)
Programming Language detects code or markup contained in the request. In addition to Ignore, Monitor, and Warn, this control supports the Tag redaction option, which replaces detected code with <CODE_BLOCK>. Tag is useful when you need to prevent source code from leaving the organization while still allowing the rest of the request to proceed.
Harmful Content
Harmful Content captures offensive or dangerous material that could lead to unwanted or unsafe responses. Choose Ignore, Monitor, Warn, or Block. Many organizations start with Warn for coaching and move to Block in regulated or high‑risk environments.
Prompt Injection
Prompt Injection attempts to manipulate a model to ignore prior instructions or safeguards. Choose Ignore, Monitor, or Warn. Availability of Block may vary by release; consult the UI for the current options. At minimum, use Monitor to build visibility, and Warn to deter accidental policy bypass attempts.
PII Detection Settings
Location: Default Policy - Sensitive Data tab - PII Detection Settings and PII Entities.
Global setting and action
Enabled: Master toggle to turn PII detection on for public services.
Action (global default): The selected action applies to all enabled PII entities.
Available actions: Monitor, Warn, Tag, Mask, Delete, Synthesize, Block (where allowed), and Ignore.
PII entities list
Enable per entity: Toggle individual entities on or off (for example Phone Number, Credit Card, Email Address, IP Address, or Person).
Filter: Use "Filter by name" and "Filter by category" (e.g., GDPR, CCPA/CPRA, PCI/DSS, HIPAA, GLBA, FERPA) to locate entities quickly.
Entity badges: Compliance tags indicate common regulatory alignments for each entity type.
Person entity: Detection Mode
Open the gear icon next to Person to select a mode. The table below compares how each option behaves.
Mode | Behavior | Latency | False positives | Public figures |
--- | --- | --- | --- | --- |
Rapid (most restrictive) | Fastest verification; may verify only if no other entity types are detected | Lowest | Highest | Treated as PII |
Balanced | Verifies person entities for all requests | Moderate | Moderate | Treated as PII |
Context‑aware (least restrictive) | Aims for fewest false positives with additional context | Slightly higher | Lowest | Ignored (treated as non‑PII) |
Notes: Detection modes currently apply only to the Person entity and also adjust the confidence thresholds used during detection.
How to configure
Configure Content Controls
Go to Default Policy - Sensitive Data.
In Content Controls, choose an action for each control you want to enforce.
Click Save.
Recommended starting points:
Control | Recommended initial action |
--- | --- |
High‑risk Request | Warn |
Confidential Data | Warn |
Programming Language | Tag |
Harmful Content | Block (or Warn in low‑risk environments) |
Prompt Injection | Warn |
Configure PII Detection
Go to Default Policy - Sensitive Data.
In PII Detection Settings, turn Enabled on and select the global Action.
In PII Entities, enable the specific entities you want to detect.
For Person, open Settings and choose a Detection Mode.
Click Save.
Example results when the global action is Tag:
"Please email John Smith at [email protected]" → "Please email <PERSON_NAME> at <EMAIL_ADDRESS>"
Example results when the global action is Mask:
"My SSN is 123-45-6789" → "My SSN is ***"
Example results when the global action is Synthesize:
"Call me at (415) 555‑0101" → "Call me at (206) 555‑0199" (synthetic phone number)
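The action semantics in the actions table and in the example results above, as an added illustration that is not SurePath AI code: a small Python policy engine that runs a few regex detectors (an assumption standing in for the product's entity models; the entity names and message wording here are made up for the example), applies one global action, and records admin events that carry only labels, never the raw values. The credit card detector uses a Luhn check so arbitrary 16-digit numbers are not reported, and Synthesize produces a format-preserving stand-in that still passes Luhn, so a downstream validator accepts it.

```python
import random
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed detectors for the example: regexes standing in for the product's
# entity models. Entity names are assumptions, not the product's identifiers.
PATTERNS = {
    "EMAIL_ADDRESS": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE_NUMBER": re.compile(r"\(\d{3}\)\s?\d{3}-\d{4}"),
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so 16 arbitrary digits are not reported as a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Match:
    entity: str
    start: int
    end: int
    value: str


def detect(text: str, enabled: Set[str]) -> List[Match]:
    """Run the enabled detectors, drop overlapping hits, and return matches
    last-first so rewriting never invalidates offsets still to be processed."""
    found = []
    for entity, pat in PATTERNS.items():
        if entity not in enabled:
            continue
        for m in pat.finditer(text):
            if entity == "CREDIT_CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            found.append(Match(entity, m.start(), m.end(), m.group()))
    found.sort(key=lambda m: (m.start, m.start - m.end))  # longest match first
    kept, last_end = [], -1
    for m in found:
        if m.start >= last_end:
            kept.append(m)
            last_end = m.end
    return kept[::-1]


def synthesize(m: Match, rng: random.Random) -> str:
    """Format-preserving stand-in: keep separators, randomise digits, and make
    a synthetic card pass Luhn so downstream validators still accept it."""
    if m.entity == "EMAIL_ADDRESS":
        return f"user{rng.randint(1000, 9999)}@example.com"
    chars = [str(rng.randint(0, 9)) if c.isdigit() else c for c in m.value]
    if m.entity == "CREDIT_CARD":
        positions = [i for i, c in enumerate(chars) if c.isdigit()]
        body = "".join(chars[i] for i in positions[:-1])
        chars[positions[-1]] = next(d for d in "0123456789" if luhn_ok(body + d))
    return "".join(chars)


@dataclass
class Outcome:
    text: Optional[str]          # None means the request was blocked
    user_message: Optional[str]  # None means nothing is shown to the user
    events: List[Dict[str, str]] = field(default_factory=list)


def apply_policy(text: str, action: str, enabled: Set[str],
                 rng: Optional[random.Random] = None) -> Outcome:
    """Apply one global PII action to a request. Events hold the entity type,
    the action and the label only; the detected value is never stored."""
    rng = rng or random.Random(0)
    if action == "Ignore":
        return Outcome(text, None)
    matches = detect(text, enabled)
    if not matches:
        return Outcome(text, None)
    events = [{"entity": m.entity, "action": action, "label": f"<{m.entity}>"}
              for m in matches]
    if action == "Monitor":
        return Outcome(text, None, events)
    msg = f"{action}: request contained " + ", ".join(sorted({m.entity for m in matches}))
    if action == "Warn":
        return Outcome(text, msg, events)
    if action == "Block":
        return Outcome(None, msg, events)
    replacer = {
        "Tag": lambda m: f"<{m.entity}>",
        "Mask": lambda m: "***",
        "Delete": lambda m: "",
        "Synthesize": lambda m: synthesize(m, rng),
    }[action]
    for m in matches:  # last-first, so earlier offsets stay valid
        text = text[:m.start] + replacer(m) + text[m.end:]
    return Outcome(text, msg, events)
```

Rewriting from the last match backwards is what keeps Tag, Mask, Delete and Synthesize correct when several entities sit in one request; with the seeded RNG the synthetic values are reproducible, which is useful when the same request is replayed in a test environment.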
End‑user experience and admin visibility
For actions other than Ignore, end users see a contextual message that explains what was detected and what action the system took; these messages are tailored to the detection and can be customized. Administrators receive a corresponding event that includes the control or entity type, the action taken, and any labels used in redaction (for example <PERSON_NAME> or <CODE_BLOCK>). Redacted content is stored as placeholders to prevent sensitive values from being retained in logs.
When to use each action
Action | When to use |
--- | --- |
Monitor | Establish visibility without changing user experience. |
Warn | Coach users and reduce risk while maintaining productivity. |
Tag / Mask / Delete | Prevent sensitive values from leaving the environment while allowing the request to proceed. |
Synthesize | Provide safe, realistic stand‑ins for testing, demos, or downstream systems that require a value. |
Block | Enforce non‑negotiable policies or high‑risk scenarios (not available for High‑risk Request and Confidential Data). |