Large Language Model Data Masking
The Einstein Trust Layer identifies and masks sensitive information in the prompts before sending them to the large language model (LLM). The Einstein Trust Layer uses data masking to protect sensitive data such as personally identifiable information (PII) from being exposed to external LLMs.
Required Editions
| Available in: Enterprise, Performance, and Unlimited Editions with an Einstein for Sales, Einstein for Platform, Einstein for Service, Einstein 1 Service, or Einstein GPT Service add-on. To purchase add-ons, contact your Salesforce account executive. |
The Einstein Trust Layer provides two types of data masking. The types are based on the method used to identify the type of data.
- Pattern-based: Einstein Trust Layer uses advanced pattern matching and machine learning techniques to detect sensitive data in prompts.
- Field-based: Einstein Trust Layer uses metadata to identify Salesforce CRM fields that are classified or tagged for security measures.
Data masking involves replacing the sensitive data with placeholder text based on what it represents.
You can select what data to mask in Einstein Trust Layer Setup.
- Data masking through Einstein Trust Layer is disabled for agents. See Data Masking Limitations in Agentforce
- LLM Data Masking isn’t always available in all features. Refer to the feature documentation for more information.
- Pattern-based data masking: Although our detection models have shown to be effective during internal testing, it's important to note that no model can guarantee 100% accuracy. In addition, cross-region and multicountry use cases can affect the ability to detect specific data patterns. With trust as our priority, we're dedicated to the ongoing evaluation and refinement of our models.
- Field-Based masking supports only merge fields that are referenced in record merge fields and related lists.
Pattern-Based Masking
Depending on the type of data, we use specific text patterns and context or machine learning models to identify sensitive data. Here are a couple of examples that can help illustrate how pattern-matching and machine learning models work.
- Social Security number (SSN): SSNs are identified based on the number of digits and the format. The proximity of terms like “SSN” or “social” helps in identifying the number as a social security number.
- Name: Names of individuals or companies are varied and don’t have a specific pattern. We use a machine learning model that is trained to recognize names and to classify them as names of individuals or companies.
For a full list of data types supported for pattern-based masking, see Einstein Trust Layer Region and Language Support.
Field-Based Masking
Field-based masking in Einstein Trust Layer uses metadata from Salesforce fields to identify and mask sensitive data with placeholders. This type of masking builds upon existing security controls like Platform Shield Encryption and Data Classification, which include compliance categories and sensitivity levels.
Field-based masking is applied in Prompt Builder and other AI features using prompt templates. When merge fields in a prompt template have Platform Shield Encryption or data classification tags, Einstein Trust Layer masks the information in these fields before sending it to the LLM for response generation.
Demasking
After the LLM returns a response, the Einstein Trust Layer demasks the data that was originally masked. The response you see contains the actual data.
You can select what data to mask in Einstein Trust Layer Setup.
You can verify data masking in action in Prompt Builder. You can also track data masking and view the masked data by using the audit trail stored in Data 360.
