Presidio is a PII recognizer/anonymizer using spaCy + custom recognizers. It labels tokens with entity types (EMAIL, PHONE, SSN) and applies operators (redact, hash, mask). It sits BEFORE any LLM call so PII never reaches the model — that’s also where you keep PII for compliance.
AnalyzerEngine loads en_core_web_lg, plus custom recognizers for account numbers.
AnonymizerEngine applies redact/hash/mask per entity type.
In the LangGraph workflow the security_service node runs first, before the LLM call.
user_msg -> Presidio anonymize -> scrubbed_msg -> LLM call
PII stored separately in audit log if compliance needs it
PII redaction belongs in the security node, BEFORE the LLM call, not after.