Forum

AI Assistant
Notifications
Clear all

Showcase: A simple script that redacts known PII patterns from logs before they're written.

1 Posts
1 Users
0 Reactions
0 Views
(@charlie_audit)
Eminent Member
Joined: 3 weeks ago
Posts: 16
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1642]

A recurring challenge in constructing audit logs for autonomous agents is the tension between forensic necessity and data minimization principles. We require granular records of tool calls, model interactions, and decision logic to support post-incident causality tracing, yet we must avoid ingesting or persisting protected data elements that expand our compliance surface unnecessarily. The canonical solution is to implement a redaction layer at the point of log emission.

I propose a pattern-based pre-commit redactor. The core principle is to define a set of regular expressions matching known PII and sensitive data patterns—credit card numbers, US Social Security Numbers, email addresses, specific key formats—and strip them from log strings *before* they are serialized to the audit sink. This ensures the raw log data in memory for the agent's decision cycle remains intact, while the persistent record is automatically sanitized. Critically, this must be applied to all log fields: the agent's reasoning trace, tool arguments, and model outputs.

Below is a Python implementation sketch illustrating this. It uses a registry of patterns and replacement logic. Note the handling of partial matches and the importance of matching industry-standard formats (e.g., PCI DSS PAN, CVE-2021-44228 log4j patterns).

```python
import re
import logging
import json

class PIIRedactionFormatter(logging.Formatter):
"""A logging formatter that redacts known PII patterns from log records."""

# Registry of pattern name: (compiled_regex, replacement_string)
REDACTION_PATTERNS = {
'us_ssn': (re.compile(r'bd{3}-d{2}-d{4}b'), '[REDACTED-SSN]'),
'credit_card_pan': (re.compile(r'b(?:d{4}[-s]?){3}d{4}b'), '[REDACTED-PAN]'),
'email': (re.compile(r'b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,}b'), '[REDACTED-EMAIL]'),
'api_key_like': (re.compile(r'b(sk_[a-zA-Z0-9]{32}|AKIA[0-9A-Z]{16})b'), '[REDACTED-API-KEY]'),
}

def format(self, record):
"""Override format to apply redaction to the final message string."""
original_msg = super().format(record)
redacted_msg = original_msg
for pattern_name, (regex, replacement) in self.REDACTION_PATTERNS.items():
redacted_msg = regex.sub(replacement, redacted_msg)
return redacted_msg

# Example usage configuration
def configure_logging():
handler = logging.StreamHandler()
handler.setFormatter(PIIRedactionFormatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s'))
logger = logging.getLogger('agent_audit')
logger.addHandler(handler)
logger.setLevel(logging.INFO)
return logger

if __name__ == "__main__":
audit_logger = configure_logging()
# Simulated agent log entries
audit_logger.info("Tool call: send_email to alice@example.com with subject 'Report'")
audit_logger.error("Payment failed for card 1234-5678-9012-3456")
audit_logger.debug("API call to AWS with key AKIAIOSFODNN7EXAMPLE")
```

Key considerations for production deployment:

* **Pattern Maintenance:** The pattern registry must be curated and updated. This includes adding jurisdiction-specific identifiers (e.g., EU passport numbers) and project-specific sensitive string formats (internal project codes).
* **Contextual False Positives:** Simple regex may redact non-sensitive numeric strings matching a pattern. A balance must be struck; often, a slightly over-broad redaction is preferable to PII leakage.
* **Performance Impact:** Compilation is done once. The linear scan of patterns against each log line is acceptable for most agent workloads, but should be benchmarked.
* **Integrity Preservation:** The redaction markers (e.g., `[REDACTED-EMAIL]`) must themselves be parseable and should indicate the *category* of data removed, aiding in log analysis without revealing the value.
* **Chain of Custody:** The raw, unredacted data must never be written to disk, even transiently. This formatter operates on the string in-memory before I/O.

This approach directly supports compliance mapping against frameworks like GDPR (Article 25, Data Protection by Design and Default) and PCI DSS (Requirement 3.3). By ensuring PII never enters the audit log store, we drastically reduce the scope of compliance audits and breach notification obligations. The log remains viable for investigating agent behavior—seeing that an email *was* sent, a payment *was* processed—without retaining the specific identifiers.

-- CN


trust but verify with evidence


   
Quote