pyveil

Decision guide

pyveil vs Presidio, NER, guardrails, and enterprise DLP.

These tools solve different layers of the sensitive-data problem. The honest answer is often to combine them.

Published July 11, 2026 · No compliance claims · Links to primary projects

The short answer

  • Choose pyveil for a small local runtime boundary around LLM prompts, tool calls, MCP, memory, logs, and traces.
  • Choose Microsoft Presidio or another NER system when you must discover unknown names, locations, organizations, or addresses.
  • Choose llm-guard or a validation framework when you need a broader family of model input/output scanners beyond sensitive-data redaction.
  • Choose enterprise DLP for managed policy, files and images, incident workflows, central reporting, and compliance operations.

Capability and operating-model comparison

DimensionpyveilPresidio / NERLLM guardrail suiteEnterprise DLP
Primary roleFinal local agent boundaryBroad entity discoveryInput/output model safetyOrganization-wide data control
Unknown names and addressesNot built inCore strengthDepends on scanner/modelUsually supported
API keys and auth headersBuilt inCustom recognizerDepends on scannerUsually supported
Agent channelsPrompt, tool, MCP, memory, log, traceApplication-definedPrompt/input-output focusedPolicy/product dependent
Structured dict/list/JSON shapePreservedIntegration work requiredFramework dependentProduct dependent
Stable scoped placeholdersHMAC-SHA256Anonymizer strategy dependentScanner dependentProduct dependent
Required pyveil core dependenciesZeroMultiple NLP dependenciesOften model/runtime dependenciesManaged service or agent
Network callsNone in coreLocal by defaultConfiguration dependentCommon
Compliance guaranteeNoNoNoDepends on contract and deployment

Choose pyveil when the boundary is the product requirement

pyveil's differentiator is not broad NLP. It is the combination of:

  • channel-aware REDACT, PASS, and BLOCK decisions
  • recursive structured data redaction without flattening payloads
  • stable, scope-separated HMAC placeholders
  • credential blocking before model-controlled tools execute
  • zero required runtime dependencies and no core network calls
  • exact known-value and narrow domain-identifier rules

That makes it useful as the last local control before data crosses into an agent-controlled surface.

Choose Presidio or NER when broad discovery matters

Regex cannot infer that an arbitrary phrase is a person's name, organization, street address, or location. Presidio combines recognizers and NLP analysis for broader entity discovery, and NER models such as GLiNER can find semantic entities that pyveil deliberately does not attempt.

The tradeoff is a larger dependency and operational surface, model selection, language configuration, and different false-positive/false-negative behavior. If you need that recall, use it. Do not force a small regex package to imitate an NER system.

Choose a guardrail suite for broader model risks

PII is only one LLM safety concern. Prompt injection, toxicity, topic control, jailbreaks, hallucination checks, and output validation require different detectors and policies. A guardrail suite can coordinate those concerns; pyveil can remain the local sensitive-data boundary inside that architecture.

Choose enterprise DLP for managed organizational controls

pyveil does not scan images, classify office documents, manage incidents, push centralized policy, retain audit cases, or certify compliance. Those are enterprise DLP responsibilities. A small Python library can complement that system at an application boundary but cannot replace it.

A practical layered architecture

raw data NER / DLP discovery pyveil boundary policy LLM / tool / MCP

Use upstream systems to discover broad semantic entities. Feed known sensitive values into CustomRule.exact(...) when helpful. Keep pyveil at the final boundary to apply channel policy, redact credentials and structured values, and produce stable placeholders.

Selection principle

Pick the smallest tool that meets the required recall and operating model. Layer tools when the requirements span multiple categories.