Content Controls and PII Detection
The platform governing GenAI solutions, detecting usage, mitigating risks, and controlling AI's access to enterprise data.
This guide explains how to configure Content Controls and PII Detection for public GenAI services. These settings are part of the broader SurePath AI policy framework — for an overview of Default Policy, Group Policies, and the least-privilege model they rely on, see Understanding policies.
What these features do
Content Controls inspect requests to public services for risky patterns such as harmful content, prompt injection, high‑risk heuristics, code, and potential confidential data. Based on policy, the system allows the request, warns the end user, modifies the content, or blocks the request. PII Detection focuses specifically on personally identifiable information and, with a single global action applied to enabled entities, can monitor, warn, redact, synthesize, or block. Content Controls and PII Detection operate independently and can be used together.
Where they apply
These controls apply to public services. For private models, enforcement is intentionally narrower: Harmful Content can warn and block, and Prompt Injection can warn but not block.
Actions and their effects
The following table compares how each action behaves at request time, what the end user sees, and what is recorded for administrators. "Warn" messages are tailored to the detection and can be customized.
| Action | Request handling | End‑user experience | Admin visibility | Content example |
| --- | --- | --- | --- | --- |
| Ignore | No detection performed | No message | No event | n/a |
| Monitor | Detected but not modified | No message | Violation logged | n/a |
| Warn | Detected; request continues unchanged | Warning shown | Violation logged | n/a |
| Tag | Offending content replaced with a label | Warning shown | Violation logged with labels | John Smith → <PERSON_NAME>; any code block → <CODE_BLOCK> |
| Mask | Offending content replaced with *** | Warning shown | Violation logged | 123‑45‑6789 → *** |
| Delete | Offending content removed | Warning shown | Violation logged | "secret token abc" removed |
| Synthesize | Offending content replaced with a synthetic value | Warning shown | Violation logged | (415) 555‑0101 → (206) 555‑0199 |
| Block | Request is prevented from completing | Warning shown | Violation logged | n/a (not available for High‑risk Request and Confidential Data) |
Every non‑Ignore detection creates a policy event that includes the control or entity type, the selected action, and any relevant labels (for example <PERSON_NAME> or <CODE_BLOCK>). These appear in audits and analytics.
Content Controls
Location: Default Policy - Sensitive Data tab - Content Controls section. For each content type, choose an action. Content Controls are independent from PII Detection.
High‑risk Request
High‑risk Request is a heuristic that aggregates multiple signals of elevated risk, such as exfiltration prompts or suspicious intent. Choose Ignore, Monitor, or Warn to set organizational posture; Block is not yet available. Use Monitor to build visibility without friction, or Warn to coach users while preserving productivity.
Confidential Data
Confidential Data indicates the request may include sensitive, private, or proprietary business information even when it is not a specific PII entity. Select Ignore, Monitor, or Warn; Block is not yet available. Warn is appropriate for knowledge‑worker scenarios, and pairing this control with PII Detection provides stronger defense‑in‑depth.
Programming Language (code)
Programming Language detects code or markup contained in the request. In addition to Ignore, Monitor, and Warn, this control supports the Tag redact option, which replaces detected code with <CODE_BLOCK>. Tag is useful when you need to prevent source code from leaving the organization while still allowing the request to proceed.
Harmful Content
Harmful Content captures offensive or dangerous material that could lead to unwanted or unsafe responses. Choose Ignore, Monitor, Warn, or Block. Many organizations start with Warn for coaching and move to Block in regulated or high‑risk environments.
Prompt Injection
Prompt Injection attempts to manipulate a model to ignore prior instructions or safeguards. Choose Ignore, Monitor, or Warn. Availability of Block may vary by release; consult the UI for the current options. At minimum, use Monitor to build visibility, and Warn to deter accidental policy bypass attempts.
PII Detection Settings
Location: Default Policy - Sensitive Data tab - PII Detection Settings and PII Entities.
Global setting and action
Enabled: Master toggle to turn PII detection on for public services.
Action (global default): The selected action applies to all enabled PII entities.
Available actions: Monitor, Warn, Tag, Mask, Delete, Synthesize, Block (where allowed), and Ignore.
PII entities list
Enable per entity: Toggle individual entities on or off (for example Phone Number, Credit Card, Email Address, IP Address, Person). Only enabled entities are detected; a value matching a disabled entity type passes through untouched and creates no event.
Filter: Use "Filter by name" and "Filter by category" (e.g., GDPR, CCPA/CPRA, PCI/DSS, HIPAA, GLBA, FERPA) to locate entities quickly.
Entity badges: Compliance tags indicate common regulatory alignments for each entity type.
Person entity: Detection Mode
Open the gear icon next to Person to select a mode. The table below compares how each option behaves.
| Mode | Behavior | Latency | False positives | Public figures |
| --- | --- | --- | --- | --- |
| Rapid (most restrictive) | Fastest verification; may verify only if no other entity types are detected | Lowest | Highest | Treated as PII |
| Balanced | Verifies person entities for all requests | Moderate | Moderate | Treated as PII |
| Context‑aware (least restrictive) | Aims for fewest false positives by using additional context | Slightly higher | Lowest | Ignored (treated as non‑PII) |
Notes: Detection modes currently apply only to the Person entity and also adjust the confidence thresholds used during detection.
How to configure
Configure Content Controls
Go to Default Policy - Sensitive Data.
In Content Controls, choose an action for each control you want to enforce.
Click Save.
Recommended starting points:
| Control | Recommended initial action |
| --- | --- |
| High‑risk Request | Warn |
| Confidential Data | Warn |
| Programming Language | Tag |
| Harmful Content | Block (or Warn in low‑risk environments) |
| Prompt Injection | Warn |
Configure PII Detection
Go to Default Policy - Sensitive Data.
In PII Detection Settings, turn Enabled on and select the global Action.
In PII Entities, enable the specific entities you want to detect.
For Person, open Settings and choose a Detection Mode.
Click Save.
Example results when the global action is Tag:
"Please email John Smith at [email protected]" → "Please email <PERSON_NAME> at <EMAIL_ADDRESS>"
Example results when the global action is Mask:
"My SSN is 123-45-6789" → "My SSN is ***"
Example results when the global action is Synthesize:
"Call me at (415) 555‑0101" → "Call me at (206) 555‑0199" (synthetic phone number)
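To make the action semantics in the table above and the Tag/Mask/Synthesize results just shown concrete, here is an added toy model of the PII enforcement step. It is illustrative code written for this guide, not SurePath AI's implementation: the regex detectors, the `Decision` and event shapes, and the format‑preserving `synthesize` helper are all assumptions of the example. It does reproduce the behaviours the guide describes: one global action applied only to enabled entities, no detection or event for Ignore, no user message for Monitor, request unchanged for Warn, placeholder labels (never raw values) in the admin event, and no forwarded text for Block.

```python
"""Toy model of the PII Detection action semantics described in this guide.

Constructed for illustration only: the entity patterns, the event shape and the
synthesizer are assumptions of this example, not SurePath AI's detectors.
"""
from __future__ import annotations

import random
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed regex stand-ins for a few entity types. Production detectors are
# far richer (Person detection, for instance, is mode-dependent).
ENTITY_PATTERNS = {
    "PERSON_NAME": re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b"),
    "EMAIL_ADDRESS": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE_NUMBER": re.compile(r"\(\d{3}\) \d{3}-\d{4}"),
    "IP_ADDRESS": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

ACTIONS = ("Ignore", "Monitor", "Warn", "Tag", "Mask", "Delete", "Synthesize", "Block")


@dataclass
class Decision:
    allowed: bool                        # False only for Block
    text: Optional[str]                  # request as forwarded (None when blocked)
    user_message: Optional[str]          # shown for every action except Ignore and Monitor
    events: list = field(default_factory=list)  # what administrators see


def detect(text: str, enabled: list) -> list:
    """Return non-overlapping (start, end, entity) spans for enabled entities only."""
    spans = []
    for entity in enabled:
        for m in ENTITY_PATTERNS[entity].finditer(text):
            spans.append((m.start(), m.end(), entity))
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))   # earliest, then longest first
    kept, last_end = [], -1
    for start, end, entity in spans:
        if start >= last_end:            # drop matches nested inside an earlier one
            kept.append((start, end, entity))
            last_end = end
    return kept


def synthesize(value: str, rng: random.Random) -> str:
    """Format-preserving stand-in: same length and punctuation, fresh digits/letters."""
    letters = "abcdefghijklmnopqrstuvwxyz"
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(str(rng.randrange(10)))
        elif ch.isalpha():
            pick = rng.choice(letters)
            out.append(pick.upper() if ch.isupper() else pick)
        else:
            out.append(ch)
    return "".join(out)


def enforce(text: str, action: str, enabled: list, seed: int = 0) -> Decision:
    """Apply the single global PII action to every enabled entity found in `text`."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if action == "Ignore":
        return Decision(True, text, None, [])            # no detection, no event
    spans = detect(text, enabled)
    if not spans:
        return Decision(True, text, None, [])
    # The event carries the label and span length, never the sensitive value itself.
    events = [{"entity": e, "action": action, "label": f"<{e}>", "length": end - start}
              for start, end, e in spans]
    kinds = ", ".join(sorted({e for _, _, e in spans}))
    if action == "Monitor":
        return Decision(True, text, None, events)
    if action == "Warn":
        return Decision(True, text, f"Detected {kinds}; request sent unchanged.", events)
    if action == "Block":
        return Decision(False, None, f"Request blocked: {kinds} detected.", events)
    rng = random.Random(seed)                            # seeded so results are reproducible
    out = text
    for start, end, entity in reversed(spans):           # right-to-left keeps offsets valid
        original = out[start:end]
        if action == "Tag":
            repl = f"<{entity}>"
        elif action == "Mask":
            repl = "***"
        elif action == "Delete":
            repl = ""
        else:                                            # Synthesize
            repl = synthesize(original, rng)
        out = out[:start] + repl + out[end:]
    out = re.sub(r"  +", " ", out).strip()               # tidy gaps left by Delete
    return Decision(True, out, f"Detected {kinds}; applied {action}.", events)


if __name__ == "__main__":
    enabled = ["PERSON_NAME", "EMAIL_ADDRESS", "US_SSN", "PHONE_NUMBER"]  # IP_ADDRESS left off
    request = "Please email John Smith at john.smith@example.com, SSN 123-45-6789"  # constructed
    for act in ACTIONS:
        d = enforce(request, act, enabled)
        print(f"{act:10} allowed={d.allowed} text={d.text!r} events={len(d.events)}")
```

Running the script prints one line per action for the same constructed request, which is a quick way to see that Monitor and Warn forward the text untouched, that Tag, Mask, Delete and Synthesize rewrite only the detected spans, and that Block returns no text at all. Swap the crude `PERSON_NAME` regex for a name list and you will immediately see why the Person entity needs the detection modes described above: two capitalised words are a weak signal on their own.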
End‑user experience and admin visibility
For actions other than Ignore, end users see a contextual message that explains what was detected and what action the system took; these messages are tailored to the detection and can be customized. Administrators receive a corresponding event that includes the control or entity type, the action taken, and any labels used in redaction (for example <PERSON_NAME> or <CODE_BLOCK>). Redacted content is stored as placeholders to prevent sensitive values from being retained in logs.
When to use each action
| Action | When to use |
| --- | --- |
| Monitor | Establish visibility without changing the user experience. |
| Warn | Coach users and reduce risk while maintaining productivity. |
| Tag / Mask / Delete | Prevent sensitive values from leaving the environment while allowing the request to proceed. |
| Synthesize | Provide safe, realistic stand‑ins for testing, demos, or downstream systems that require a value. |
| Block | Enforce non‑negotiable policies or high‑risk scenarios (not available for High‑risk Request and Confidential Data). |
