llm-hasher: Local PII Detection and Tokenization for Hybrid LLM Workflows

llm-hasher addresses a specific security gap in hybrid LLM workflows: when you run local LLMs but still call external services like OpenAI, Claude, or Gemini for certain tasks, your PII still leaves your infrastructure in plaintext. This tool runs PII detection entirely locally using Ollama, so no data leaves your systems during the detection phase.
How It Works
The process follows three steps: detect PII locally, tokenize it before external LLM calls, then restore the original values after processing. This prevents sensitive data from being exposed to third-party services.
Detection Approach
The detection system uses a hybrid approach:
- Regex patterns for structured data types: credit cards, IBAN numbers, email addresses, and IPv4 addresses
- Ollama with llama3.2:3b (by default) for contextual detection of unstructured PII: names, addresses, national IDs, passports, and dates of birth
Technical Implementation
Mappings between original PII and tokens are stored in an AES-256-GCM encrypted SQLite vault. Deployment is simplified with Docker Compose, which spins up both Ollama and the llm-hasher service with a single command.
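The regex half of the detect, tokenize, restore flow described above, as an added example that is not llm-hasher's own code. The patterns, the `[[KIND_hex]]` token format, the function names and the in-memory dict standing in for the encrypted vault are all assumptions; the Ollama-based contextual detection step is left out.

```python
import re
import secrets

# Illustrative patterns (assumed, not llm-hasher's) for the structured types listed above.
PATTERNS = {
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "IPV4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}
# Constructed sample input: repeated e-mail, test card number, example IBAN, plain order id.
SAMPLE = ("Refund alice@example.com (again: alice@example.com) from 10.20.30.40, "
          "card 4111 1111 1111 1111, IBAN DE89370400440532013000, order 1234567890123.")

def luhn_ok(candidate):
    """Luhn checksum, so long digit runs that are not card numbers are left alone."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(candidate) if c.isdigit()):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def tokenize(text, vault):
    """Replace detected PII with opaque tokens; vault maps token -> original value."""
    reverse = {v: k for k, v in vault.items()}  # a repeated value reuses its token
    def make_sub(kind):
        def sub(match):
            value = match.group(0)
            if kind == "CARD" and not luhn_ok(value):
                return value  # fails the checksum: treat as an ordinary number
            if value not in reverse:
                token = f"[[{kind}_{secrets.token_hex(4)}]]"  # assumed token format
                vault[token] = value
                reverse[value] = token
            return reverse[value]
        return sub
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(make_sub(kind), text)
    return text

def restore(text, vault):
    """Swap tokens in the external model's reply back to the original values."""
    return re.sub(r"\[\[[A-Z0-9]+_[0-9a-f]{8}\]\]", lambda m: vault.get(m.group(0), m.group(0)), text)

if __name__ == "__main__":
    vault = {}
    safe = tokenize(SAMPLE, vault)
    print(safe)
    print(restore(safe, vault) == SAMPLE)
```

Tokens are random rather than derived from the value, so the text sent to the external service reveals nothing about the PII beyond its type and whether a value repeats.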
📖 Read the full source: r/LocalLLaMA