OpenAI releases "privacy filter": An open-weight model to mask sensitive user data

OpenAI has launched Privacy Filter, a specialized, open-weight model designed to detect and redact personally identifiable information (PII) before it ever reaches the cloud. Released on April 22, 2026, this tool addresses the "intake risk" of generative AI - the common habit of users pasting sensitive logs, emails, or documents into LLMs.

Unlike standard filters that rely on rigid pattern matching, Privacy Filter uses contextual reasoning to distinguish between public data and private identifiers, achieving a 96% F1 score on industry benchmarks.

Key features and capabilities

The model is designed to be small, fast, and highly accessible for both individual developers and enterprise security teams:

• Local execution: Privacy Filter is compact enough (1.5B parameters total, with only 50M active during inference) to run directly on a laptop or within a browser. This ensures that sensitive data is scrubbed on-device before being transmitted to any external server.

• Context-aware redaction: It identifies eight specific categories of sensitive information, including names, physical addresses, emails, and "secrets" like API keys and passwords. Its architecture allows it to understand when a name refers to a private individual versus a public figure.

• Long-context throughput: The model supports a 128,000-token context window, allowing it to process massive documents or entire codebases in a single pass without needing to chunk the text.

• Open source & customizable: Released under the Apache 2.0 license, the model is available on GitHub and Hugging Face. Organizations can fine-tune it on their specific data distributions to improve accuracy for niche industries like healthcare or law.

Why this matters

For years, the primary privacy concern with AI has been "output leakage" - the fear that a model might repeat a secret it learned during training. However, security researchers note that the more immediate threat is "input exposure."

By providing a tool that intercepts and masks data at the point of entry, OpenAI is shifting toward a "privacy-by-design" infrastructure. This release complements other 2026 security updates, such as the launch of GPT-5.5 and new identity-verification protocols, signaling a broader industry push to make AI safer for corporate and regulated environments.

Implementation for organizations

Security teams are encouraged to integrate Privacy Filter into their internal "AI Gateway" or developer environments:

• Download: Access the weights via OpenAI’s official GitHub repository.

• Configure: Set detection thresholds to balance "strict redaction" (higher recall) with "operational utility" (higher precision).

• Deploy: Run the model as a pre-processing step for any internal ChatGPT or API-based application to ensure no PII is inadvertently sent to the cloud.