
Output Scanning: Custom Regex Rules for LLM Response Protection

21 Feb 2026 · 5 min read · Bordair

Input scanning stops attacks before they reach your LLM. But what about the other direction? LLM outputs can contain leaked API keys, email addresses, internal URLs, or other sensitive content that should not reach your users.

How output scanning works

Bordair's output scanning is regex-based. You define patterns, and each pattern gets an action:

  • Block: Reject the output entirely. Returns an empty string.
  • Redact: Replace matched content with [REDACTED]. The rest of the response passes through.
  • Warn: Pass the output through but flag the match. Your application decides what to do.
  • Log: Pass through silently. The match is recorded for auditing.

Example rules

# `client` is an initialised Bordair SDK client; its construction is not shown in this post.
# add_output_rule(pattern, action, description) registers one regex rule.

# Block leaked API keys (OpenAI-style "sk-" prefix followed by 20+ alphanumerics)
client.add_output_rule(r"sk-[a-zA-Z0-9]{20,}", "block", "Block leaked API keys")

# Redact email addresses
client.add_output_rule(r"[\w.-]+@[\w.-]+\.[a-zA-Z]{2,}", "redact", "Redact emails")

# Warn on phone numbers (North American 3-3-4 format with optional separators)
client.add_output_rule(r"\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b", "warn", "Flag phone numbers")

# Log internal URLs
client.add_output_rule(r"https?://internal\.", "log", "Log internal URLs")

Priority-based resolution

When multiple rules match, the highest-priority action wins: block > redact > warn > log. This means if one rule says "redact" and another says "block" for the same output, the output is blocked. Deterministic behaviour, no surprises.
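To make the action semantics and the priority resolution concrete, here is a small stand-alone scanner that applies the four example rules above and resolves conflicts the way this post describes. It is an added illustration written for this article, not Bordair's own implementation or SDK code: the `OutputRule`, `ScanResult` and `scan_output` names, the `"pass"` result for a response with no matches, and the sample responses are all my own constructions.

```python
import re
from dataclasses import dataclass, field

# Action precedence from the post: block > redact > warn > log.
# Higher number wins when several rules match the same output.
PRIORITY = {"log": 0, "warn": 1, "redact": 2, "block": 3}


@dataclass
class OutputRule:
    pattern: str
    action: str
    description: str

    def __post_init__(self):
        if self.action not in PRIORITY:
            raise ValueError(f"unknown action: {self.action}")
        self.regex = re.compile(self.pattern)


@dataclass
class ScanResult:
    action: str                 # winning action; "pass" (my label) when nothing matched
    output: str                 # text returned to the caller; "" when blocked
    matches: list = field(default_factory=list)  # (description, action, matched text)


def scan_output(text: str, rules: list[OutputRule]) -> ScanResult:
    """Run every rule, then apply the single highest-priority action."""
    matches = []
    for rule in rules:
        for m in rule.regex.finditer(text):
            matches.append((rule.description, rule.action, m.group(0)))
    if not matches:
        return ScanResult("pass", text, [])

    # All matches are recorded for auditing regardless of which action wins.
    winning = max((action for _, action, _ in matches), key=PRIORITY.get)

    if winning == "block":
        return ScanResult("block", "", matches)       # reject the whole response

    result = text
    if winning == "redact":
        # Every redact rule is applied; warn/log matches stay in `matches` untouched.
        for rule in rules:
            if rule.action == "redact":
                result = rule.regex.sub("[REDACTED]", result)
    # "warn" and "log" both pass the text through unchanged; the caller
    # inspects `result.action` / `result.matches` to decide what to do.
    return ScanResult(winning, result, matches)


# The four rules from this post, expressed as local objects.
RULES = [
    OutputRule(r"sk-[a-zA-Z0-9]{20,}", "block", "Block leaked API keys"),
    OutputRule(r"[\w.-]+@[\w.-]+\.[a-zA-Z]{2,}", "redact", "Redact emails"),
    OutputRule(r"\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b", "warn", "Flag phone numbers"),
    OutputRule(r"https?://internal\.", "log", "Log internal URLs"),
]

# Constructed sample LLM responses (not real data).
SAMPLE_BLOCKED = "Sure, your key is sk-abcdefghijklmnopqrstuvwxyz and it works."
SAMPLE_MIXED = "Contact support at help@example.com or call 555-123-4567."
SAMPLE_LOGGED = "See https://internal.example.net/docs for details."
SAMPLE_CLEAN = "All clear, nothing sensitive here."


if __name__ == "__main__":
    for sample in (SAMPLE_BLOCKED, SAMPLE_MIXED, SAMPLE_LOGGED, SAMPLE_CLEAN):
        r = scan_output(sample, RULES)
        print(f"{r.action:6} -> {r.output!r}  matches={r.matches}")
```

The mixed sample is the case the post describes: the email rule (redact) and the phone rule (warn) both fire, redact outranks warn, so the email is replaced while the phone number passes through, and both matches remain in the audit list. Note that `re.sub` replaces every occurrence, so a response with several emails has all of them redacted.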

Availability

Output scanning is available on paid plans. Rules are managed via the API or SDKs:

  • POST /output/rules to create a rule
  • GET /output/rules to list your rules
  • DELETE /output/rules/:id to remove a rule
  • POST /scan/output to scan an LLM response
