search

guardrails-ai / guardrails

Adding guardrails to large language models.
https://www.guardrailsai.com/docs
Apache License 2.0
3.84k stars 288 forks source link

[bug] False alarm with Detect PII #933

Closed Kashyapiyer closed 1 month ago

Kashyapiyer commented 1 month ago

Describe the bug

Simple query without any PII information resulted in Validation failure. Please find the screenshot below

Inputstr = For savings products, statements are generated on a quarterly basis if there is no activity in the account to prompt a monthly statement.

Screenshot 2024-07-16 at 5 22 25 PM

To Reproduce Steps to reproduce the behavior:

  1. RAIL spec

  2. Runtime arguments (e.g. guard(...))

Expected behavior A clear and concise description of what you expected to happen.

Library version: Guardrails version 0.4.5

Additional context Add any other context about the problem here.

dtam commented 1 month ago

given

guard = Guard().use_many(
    DetectPII(
                    pii_entities=['PERSON', 'PHONE_NUMBER', 'EMAIL_ADDRESS', 'US_SSN', 'US_BANK_NUMBER', 'US_DRIVER_LICENSE','GENERIC_PII', 'NRP', 'DATE_TIME'],
                    on_fail="fix"
                  )
)
response = guard.parse("For savings products, statements are generated on a quarterly basis if there is no activity in the account to prompt a monthly statement.")
print(response.validated_output)

prints

For savings products, statements are generated on a <DATE_TIME> basis if there is no activity in the account to prompt a <DATE_TIME> statement.

See the example above. For the pii validator flipping the on_fail behavior from 'exception' to 'fix' will flag the entities in the validated output that it thinks are pii with the appropriate entry. Presidio which the validator is based on is flagging the words monthly and quarterly here as date times.

dtam commented 1 month ago

Let me know if you have any more questions or need any clarification. This seems like expected behavior from presidio.

Kashyapiyer commented 1 month ago

Thank you @dtam looks like. This means that even with simple text which has any combination of Date_time representation would be flagged as failure with exception even if they dont represent any PII.

dtam commented 1 month ago

Yes, as long as you have 'DATE_TIME' in the entity set. Are you specifically trying to filter something like birthdays out? An option is to use the validator in no op and handle the validator failures on your own with special handling for DATE)TIME. Detailed validator execution information can be accessed in the guard.history here are some docs: https://www.guardrailsai.com/docs/concepts/logs

dtam commented 1 month ago

@Kashyapiyer It's been a few weeks on this thread with no activity. I'm going to close it out for now. If you're still having any issues please feel free to reopen.