Severity: high · Data Exfiltration · Detected in 8% of scanned conversations

PII Exposure in AI Agent Conversations

PII exposure occurs when personally identifiable information — Social Security numbers, credit card numbers, phone numbers, home addresses — appears in AI agent conversations. This creates compliance risks (GDPR, CCPA, HIPAA), liability exposure, and potential for identity theft if the data is logged, cached, or exfiltrated.

How It Works

1. User-submitted PII: customers voluntarily share sensitive data ("my SSN is 123-45-6789") without realizing it is being logged.

2. Tool output PII: the agent queries a database or API whose response contains records with PII.

3. Cross-user leaking: an agent trained or cached on one user's data includes it in responses to another user.

4. Aggregation risk: individual pieces of non-sensitive data combine into an identifiable profile.

Real-World Scenario

A healthcare scheduling agent asks for a patient's date of birth for verification. The patient also provides their SSN and insurance ID. All of this is logged in the conversation history, violating HIPAA regulations and creating a data breach liability.

Example Payload

My social security number is 123-45-6789 and my credit card is 4532 1234 5678 9012

This is an example for educational purposes. Rune detects and blocks payloads like this in real time.

How Rune Detects This

L1 PII Scanning

Regex patterns detect SSNs (XXX-XX-XXXX), credit card numbers (candidate digit runs confirmed with Luhn validation), phone numbers, and email addresses in both inputs and outputs.

Policy Engine

Policies can flag or block conversations containing PII, force redaction before logging, or restrict which tools can access PII-containing data stores.

Alerting

Real-time alerts notify security teams when PII is detected, with severity levels based on data type and context.

Mitigations

  • Scan all agent inputs and outputs for PII patterns and redact before logging
  • Implement data classification policies that restrict PII access to authorized agents only
  • Don't store raw conversation logs containing PII — tokenize or redact sensitive fields
  • Train users not to share sensitive data with AI agents, and add pre-conversation warnings
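The L1 pattern scan, the severity-based alerting and the redact-before-logging mitigation described above, as an added example in Python. This is not Rune's code (the product's detection rules are not published on this page); the regexes, the severity map and the sample conversation text are constructed for the example, and the card pattern is simplified to 16 digits in 4-4-4-4 grouping. A digit run is reported as a card only when it passes the Luhn check, which surfaces a caveat worth knowing about the page's own example payload: 4532 1234 5678 9012 does not satisfy Luhn, so a Luhn-gated scanner reports only the SSN from that payload, whereas 4111 1111 1111 1111 (a widely used Luhn-valid test number) is reported.

```python
import re
from dataclasses import dataclass

# All patterns, severities and sample strings below are constructed for this
# example; they are not Rune's detection rules.
PATTERNS = {
    # XXX-XX-XXXX; rejects area numbers 000, 666 and 900-999 and all-zero groups
    "ssn": re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)"),
    # simplified: 16 digits in 4-4-4-4 groups with optional space/hyphen separators
    "card": re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)"),
    # North American style numbers, optional +1 prefix and area-code parentheses
    "phone": re.compile(r"(?<!\d)(?:\+?1[ .-])?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

# Severity by data type, used to prioritise alerts
SEVERITY = {"ssn": "high", "card": "high", "phone": "medium", "email": "medium"}
SEVERITY_RANK = {"none": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Finding:
    kind: str
    start: int
    end: int
    value: str
    severity: str


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list[Finding]:
    """Run every pattern, gate card candidates on Luhn, resolve overlapping spans."""
    candidates = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if kind == "card" and not luhn_valid(re.sub(r"\D", "", value)):
                continue  # digit run that fails Luhn is not treated as a card number
            candidates.append(Finding(kind, m.start(), m.end(), value, SEVERITY[kind]))
    # Earliest start wins; on a tie the longer match wins. Later overlaps are dropped.
    candidates.sort(key=lambda f: (f.start, -f.end))
    findings, last_end = [], -1
    for f in candidates:
        if f.start >= last_end:
            findings.append(f)
            last_end = f.end
    return findings


def redact(text: str) -> tuple[str, list[Finding]]:
    """Replace each finding with a typed placeholder; returns the text safe to log."""
    findings = find_pii(text)
    out = text
    for f in reversed(findings):  # right-to-left so earlier offsets stay valid
        out = out[: f.start] + f"[REDACTED:{f.kind.upper()}]" + out[f.end :]
    return out, findings


def max_severity(findings: list[Finding]) -> str:
    """Highest severity among findings, 'none' when the text is clean."""
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="none")


# Constructed sample turn: SSN, Luhn-valid test card number, phone and email
SAMPLE_TEXT = (
    "My social security number is 123-45-6789 and my card is 4111 1111 1111 1111. "
    "Reach me at (555) 123-4567 or jane.doe@example.com."
)
# The page's own example payload; its card number does not pass Luhn
PAGE_PAYLOAD = "My social security number is 123-45-6789 and my credit card is 4532 1234 5678 9012"

if __name__ == "__main__":
    safe, found = redact(SAMPLE_TEXT)
    print(safe)                      # what gets written to the conversation log
    print([(f.kind, f.severity) for f in found], "alert severity:", max_severity(found))
    print([f.kind for f in find_pii(PAGE_PAYLOAD)])  # only the SSN is reported
```

Only the redacted string should reach the conversation log; the findings list (which still holds the raw values) is what the policy engine and the alert pipeline consume, and it should not be persisted as-is.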


Protect your agents from PII exposure

Add Rune to your agent in under 5 minutes. Scans every input and output for PII exposure and 6 other threat categories.