The short answer
- Choose pyveil for a small local runtime boundary around LLM prompts, tool calls, MCP, memory, logs, and traces.
- Choose Microsoft Presidio or another NER system when you must discover unknown names, locations, organizations, or addresses.
- Choose llm-guard or a validation framework when you need a broader family of model input/output scanners beyond sensitive-data redaction.
- Choose enterprise DLP for managed policy, files and images, incident workflows, central reporting, and compliance operations.
Capability and operating-model comparison
| Dimension | pyveil | Presidio / NER | LLM guardrail suite | Enterprise DLP |
|---|---|---|---|---|
| Primary role | Final local agent boundary | Broad entity discovery | Input/output model safety | Organization-wide data control |
| Unknown names and addresses | Not built in | Core strength | Depends on scanner/model | Usually supported |
| API keys and auth headers | Built in | Custom recognizer | Depends on scanner | Usually supported |
| Agent channels | Prompt, tool, MCP, memory, log, trace | Application-defined | Prompt/input-output focused | Policy/product dependent |
| Structured dict/list/JSON shape | Preserved | Integration work required | Framework dependent | Product dependent |
| Stable scoped placeholders | HMAC-SHA256 | Anonymizer strategy dependent | Scanner dependent | Product dependent |
| Required pyveil core dependencies | Zero | Multiple NLP dependencies | Often model/runtime dependencies | Managed service or agent |
| Network calls | None in core | Local by default | Configuration dependent | Common |
| Compliance guarantee | No | No | No | Depends on contract and deployment |
Choose pyveil when the boundary is the product requirement
pyveil's differentiator is not broad NLP. It is the combination of:
- channel-aware
REDACT,PASS, andBLOCKdecisions - recursive structured data redaction without flattening payloads
- stable, scope-separated HMAC placeholders
- credential blocking before model-controlled tools execute
- zero required runtime dependencies and no core network calls
- exact known-value and narrow domain-identifier rules
That makes it useful as the last local control before data crosses into an agent-controlled surface.
Choose Presidio or NER when broad discovery matters
Regex cannot infer that an arbitrary phrase is a person's name, organization, street address, or location. Presidio combines recognizers and NLP analysis for broader entity discovery, and NER models such as GLiNER can find semantic entities that pyveil deliberately does not attempt.
The tradeoff is a larger dependency and operational surface, model selection, language configuration, and different false-positive/false-negative behavior. If you need that recall, use it. Do not force a small regex package to imitate an NER system.
Choose a guardrail suite for broader model risks
PII is only one LLM safety concern. Prompt injection, toxicity, topic control, jailbreaks, hallucination checks, and output validation require different detectors and policies. A guardrail suite can coordinate those concerns; pyveil can remain the local sensitive-data boundary inside that architecture.
Choose enterprise DLP for managed organizational controls
pyveil does not scan images, classify office documents, manage incidents, push centralized policy, retain audit cases, or certify compliance. Those are enterprise DLP responsibilities. A small Python library can complement that system at an application boundary but cannot replace it.
A practical layered architecture
Use upstream systems to discover broad semantic entities. Feed known sensitive values into CustomRule.exact(...) when helpful. Keep pyveil at the final boundary to apply channel policy, redact credentials and structured values, and produce stable placeholders.
Pick the smallest tool that meets the required recall and operating model. Layer tools when the requirements span multiple categories.