Skip to main content

Data sanitization with privacy preservation for AI training

Project description

DataShield ๐Ÿ”’

Privacy-preserving data sanitization for AI training.

CI PyPI version Python versions License Code style: ruff Coverage

DataShield detects and removes sensitive information (PII, secrets, medical, financial data) from datasets before fine-tuning or RAG. It implements anonymization, differential privacy, and data minimization techniques.


Features

Feature Description
PII Detection Detects emails, phones, SSNs, passports, national IDs, and more
Secret Scanning Finds API keys, tokens, passwords, certificates, and credentials
Sensitive Classification Classifies medical, financial, legal, and personal data by keywords
Presidio Detection Optional ML-powered PII detection via Microsoft Presidio
Anonymization Replaces sensitive values with anonymized tokens (deterministic)
Redaction Replaces sensitive content with [REDACTED]
Data Minimization Removes unnecessary fields while preserving required ones
Transformation Applies category-specific transforms (hashing, masking, etc.)
Differential Privacy Adds calibrated Laplace/Gaussian noise with configurable epsilon
k-Anonymity Ensures each record is indistinguishable from k-1 others
Epsilon Calculator Estimates optimal privacy budget based on dataset characteristics
GDPR Compliance Checks Art. 5, 9, 17, 25, 32, 35 compliance
HIPAA Compliance Checks Privacy Rule, Security Rule, Minimum Necessary
MCPGuard Policies Generates MCPGuard-compatible YAML security policies
mcp-taxonomy Adapter Normalizes findings to the canonical MCP security taxonomy
MCPscop Integration Forwards findings to MCPscop dashboard via webhook
HTML/JSON/Console Reports Rich reports for auditing and sharing
Multi-format Input Supports JSON, JSONL, and CSV datasets

Installation

pip install datashield-ai

With Presidio support (enhanced ML-based PII detection):

pip install datashield-ai[presidio]

With taxonomy integration:

pip install datashield-ai[taxonomy]

Quick Start

# Scan a dataset for sensitive data
datashield scan dataset.json

# Sanitize a dataset (detect + anonymize)
datashield sanitize dataset.json sanitized.json

# Anonymize with differential privacy
datashield anonymize dataset.json anonymized.json --epsilon 0.5 --k 5

# Verify compliance
datashield verify sanitized.json

# Generate MCPGuard policy
datashield policies dataset.json -o mcpguard_policy.yaml

# Generate HTML report
datashield report dataset.json -o report.html

Usage

Scan a dataset

# Basic scan (auto-detects format from extension)
datashield scan data.json
datashield scan data.jsonl
datashield scan data.csv

# Scan with confidence threshold
datashield scan data.json --threshold 0.6

# Exclude certain fields
datashield scan data.json --exclude metadata,internal_id

# Forward findings to MCPscop dashboard
datashield scan data.json --mcpscop

# Output as JSON
datashield scan data.json --format json -o scan_report.json

Sanitize a dataset

# Detect and anonymize sensitive data
datashield sanitize data.json sanitized.json

# Full pipeline with all techniques
datashield sanitize data.json sanitized.json \
  --anonymize true --redact true --minimize true --transform true

# Generate scan report alongside sanitized data
datashield sanitize data.json sanitized.json -r report.html

Anonymize with privacy guarantees

# Differential privacy + k-anonymity
datashield anonymize data.json anonymized.json --epsilon 1.0 --k 5

Verify compliance

# Check GDPR and HIPAA compliance
datashield verify sanitized.json

# Compare with original
datashield verify sanitized.json --original original.json

Generate MCPGuard policies

# Generate YAML security policy from dataset findings
datashield policies dataset.json -o mcpguard_policy.yaml

# Specify custom MCPGuard target
datashield policies dataset.json --target http://my-mcp-server:8000

Generate reports

# HTML report with visualizations
datashield report data.json -o report.html

# JSON report for programmatic use
datashield report data.json -o report.json --format json

Configuration

DataShield supports configuration via environment variables (prefix DATASHIELD_) or a .env file:

# .env
DATASHIELD_THRESHOLD=0.5
DATASHIELD_EXCLUDE_FIELDS=metadata,debug
DATASHIELD_DEFAULT_EPSILON=0.5
DATASHIELD_DEFAULT_K=10
DATASHIELD_MCPSCOP_URL=http://mcpscop:8080
DATASHIELD_MCPSCOP_API_KEY=your-key

Integration with Ecosystem

Project Integration
MCPGuard Generates MCPGuard-compatible YAML data policies via datashield policies
MCPscop Forwards normalized findings via --mcpscop flag or MCPscopClient API
mcp-taxonomy Normalizes findings to canonical taxonomy via datashield_finding_to_taxonomy()
palisade-scanner Same detector pattern and architecture

API

import asyncio
from datashield.scanner import Scanner
from datashield.detectors import PIIDetector, SecretScanner, PresidioDetector
from datashield.taxonomy import datashield_finding_to_taxonomy
from datashield.policies.mcpguard import MCPGuardPolicyGenerator

# Create scanner with detectors
scanner = Scanner(detectors=[PIIDetector(), SecretScanner()])

# Scan dataset
data = [{"email": "user@example.com", "api_key": "sk-1234"}]
report = asyncio.run(scanner.scan(data))

print(f"Risk score: {report.risk_score}")
print(f"Findings: {report.total_findings}")

# Normalize to mcp-taxonomy
for finding in report.findings:
    event = datashield_finding_to_taxonomy(finding)
    print(f"  โ†’ {event.attack_category.value}: {event.title}")

# Generate MCPGuard policy
gen = MCPGuardPolicyGenerator()
policy = gen.from_findings(report.findings)
print(gen.to_yaml(policy))

Project Structure

datashield/
โ”œโ”€โ”€ src/datashield/
โ”‚   โ”œโ”€โ”€ cli.py              # Typer CLI interface (6 commands)
โ”‚   โ”œโ”€โ”€ scanner.py           # Core scanning engine + Pydantic models
โ”‚   โ”œโ”€โ”€ config.py            # pydantic-settings configuration
โ”‚   โ”œโ”€โ”€ taxonomy.py          # mcp-taxonomy adapter
โ”‚   โ”œโ”€โ”€ detectors/           # Detection modules
โ”‚   โ”‚   โ”œโ”€โ”€ pii_detector.py
โ”‚   โ”‚   โ”œโ”€โ”€ secret_scanner.py
โ”‚   โ”‚   โ”œโ”€โ”€ sensitive_classifier.py
โ”‚   โ”‚   โ”œโ”€โ”€ pattern_matcher.py
โ”‚   โ”‚   โ””โ”€โ”€ presidio_detector.py   # Optional ML-based PII detection
โ”‚   โ”œโ”€โ”€ sanitizers/          # Sanitization modules
โ”‚   โ”‚   โ”œโ”€โ”€ anonymizer.py
โ”‚   โ”‚   โ”œโ”€โ”€ redactor.py
โ”‚   โ”‚   โ”œโ”€โ”€ minimizer.py
โ”‚   โ”‚   โ””โ”€โ”€ transformer.py
โ”‚   โ”œโ”€โ”€ privacy/             # Privacy preservation
โ”‚   โ”‚   โ”œโ”€โ”€ differential.py
โ”‚   โ”‚   โ”œโ”€โ”€ k_anonymity.py
โ”‚   โ”‚   โ””โ”€โ”€ epsilon_calculator.py
โ”‚   โ”œโ”€โ”€ compliance/          # Compliance verification
โ”‚   โ”‚   โ”œโ”€โ”€ gdpr.py
โ”‚   โ”‚   โ”œโ”€โ”€ hipaa.py
โ”‚   โ”‚   โ””โ”€โ”€ verifier.py
โ”‚   โ”œโ”€โ”€ reporters/           # Output formats
โ”‚   โ”‚   โ”œโ”€โ”€ console.py       # Rich console output
โ”‚   โ”‚   โ”œโ”€โ”€ json.py
โ”‚   โ”‚   โ””โ”€โ”€ html.py          # Jinja2 HTML reports
โ”‚   โ”œโ”€โ”€ policies/            # Policy generation
โ”‚   โ”‚   โ””โ”€โ”€ mcpguard.py      # MCPGuard YAML policy generator
โ”‚   โ”œโ”€โ”€ integrations/        # Ecosystem integrations
โ”‚   โ”‚   โ””โ”€โ”€ mcpscop.py       # MCPscop webhook client
โ”‚   โ””โ”€โ”€ utils/
โ”‚       โ””โ”€โ”€ crypto.py        # Cryptographic utilities
โ””โ”€โ”€ tests/                   # 202+ tests (92% coverage)

Compliance

DataShield helps verify compliance with:

  • GDPR (Art. 5, 9, 17, 25, 32, 35) โ€” Data minimization, right to erasure, DPIA
  • HIPAA (Privacy Rule, Security Rule, Breach Rule) โ€” PHI de-identification, minimum necessary

Academic References

  • arXiv:2605.25716 โ€” Efficient and Privacy-Preserving Architecture for Cross-Institutional Collaborative RAG
  • arXiv:2605.25791 โ€” Efficient and Privacy-Preserving Distribution Statistics Analytics on Mobile Spatial Data
  • arXiv:2605.25002 โ€” Verifiable Secure Aggregation via Dual Servers with Linear Tags
  • arXiv:2605.26019 โ€” Retrieval-Augmented Detection of Potentially Abusive Clauses

Troubleshooting

"mcp_taxonomy is required" error

The taxonomy adapter requires mcp-taxonomy. Install it with:

pip install datashield-ai[taxonomy]

If you don't need taxonomy integration, this error means you're calling datashield_finding_to_taxonomy() directly โ€” the CLI commands work without it.

Presidio not found

Presidio-based PII detection requires:

pip install datashield-ai[presidio]

This downloads models (~500 MB) on first use.

Large files causing memory errors

DataShield loads the entire file into memory. For files >500 MB, set:

export DATASHIELD_MAX_SIZE_MB=1000

Or pass --max-size if available. Streaming support is planned for a future release.

How to interpret risk scores

Score Category Meaning
70+ Critical High-risk data (credentials, keys) present
40-69 High PII/secrets detected, immediate action needed
20-39 Medium Some sensitive fields found
5-19 Low Minor privacy concerns
<5 Safe No significant risks detected

Getting help

datashield --help          # Top-level help
datashield scan --help     # Help for a specific command
datashield --version       # Show version

License

MIT โ€” see LICENSE

Author

Carlos-Projects โ€” Carlos@AIAgentObservatory.org

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datashield_ai-0.1.0.tar.gz (52.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

datashield_ai-0.1.0-py3-none-any.whl (46.5 kB view details)

Uploaded Python 3

File details

Details for the file datashield_ai-0.1.0.tar.gz.

File metadata

  • Download URL: datashield_ai-0.1.0.tar.gz
  • Upload date:
  • Size: 52.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for datashield_ai-0.1.0.tar.gz
Algorithm Hash digest
SHA256 78b854985fb05dd3d5f14f6e708511d3fd988d59414138a0ad75bd807b013b16
MD5 87b22cac066bd1e8364164e8d98317ae
BLAKE2b-256 52d941086e2ac6270b06fec4525050457bf138890653c3a102af829c8e6695ae

See more details on using hashes here.

File details

Details for the file datashield_ai-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: datashield_ai-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 46.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for datashield_ai-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c20f4f42066e9e611904a1c9eee759b9de772c340864523476df716fa280a020
MD5 0f341eb912dff884bb75cfa04502c0a5
BLAKE2b-256 ca4a1aec8533a979a55d9fde370023dab7b0308654823109ea8fc9439c6a6487

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page