AnonShield On-premise entities anonymization.

Research-grade sensitive data redaction. Zero cloud, zero persistence. Published at SBSeg 2025, ERRC 2025, and SBRC 2026.

Live demo — edit the text runs in-browser, no server

input editable

anonymized 10 entities redacted

Meeting notes — Q4 Security Review Attendees: Sarah Chen ([EMAIL-2g07bt]), Marcus Rodriguez Phone: [PHONE-b0hxs5] · Alt: [PHONE-6i11m8] Action items: • Card on file: [CREDIT·CARD-fj28wp] (exp. 09/27) • Migrate server [IP·ADDRESS-ev73g9] → new host at [IP·ADDRESS-63vl0e] • Patch [CVE·ID-aa8y9z] before Friday • API token: [AUTH·TOKEN-x5p27n] • Leaked URL: [URL-e1ebcm] • File hash: [HASH-s5gyw4]

PHONE 2

IP_ADDRESS 2

EMAIL 1

CREDIT_CARD 1

CVE_ID 1

AUTH_TOKEN 1

URL 1

HASH 1

Launch AnonShield → No sign-up. No cloud. Self-hostable.

How it works

Privacy guaranteed. We process everything — without keeping anything.

Input TXT · PDF · DOCX · ZIP

NER Detection Transformer + regex

HMAC-SHA256 Deterministic hash

Pseudonymization HMAC token replaced

Output Deleted after download

Key never stored server-side — used only in-memory for HMAC computation · Output file deleted immediately after download

738× faster than AnonLFI v2.0

94.2% F1 on OpenVAS dataset

96.7% Recall (filtered/hybrid, OpenVAS)

550MB in under 10 min (GPU)

0 cloud calls

1MB demo limit (configurable)

Supported formats

TXTCSVJSONJSONLPDFDOCXXLSXXMLZIPPNGJPGTIFFBMPWEBP

Research lineage

3 generations. 738× faster.

AnonShield is the third generation of a peer-reviewed research line on on-premise anonymization for CSIRTs, started by AnonLFI v1.0.

SBSeg 2025 AnonLFI v1.0

Anonimização de Incidentes de Segurança com Reidentificação Controlada

C. T. Bandel, J. P. R. Esteves, K. P. Guerra, L. M. Bertholdo, D. Kreutz, R. S. Miani

Focused on security incidents (not vulnerability data). Hybrid NER + RegEx. Validated on 763 real incidents.

100% Precision 97.38% Recall 763 Incidents On-premise

WRSeg / ERRC 2025 AnonLFI v2.0

AnonLFI 2.0: Extensible Architecture for PII Pseudonymization in CSIRTs with OCR and Technical Recognizers

C. Kapelinski, D. Lautert, B. Machado, D. Kreutz

PoC for vulnerability data. Added HMAC-SHA256, XML/JSON and OCR. F1 92.1% (XML).

92.1% F1 (XML) On-premise

SBRC 2026 AnonShield ← you are here

AnonShield: Scalable On-Premise Pseudonymization for CSIRT Vulnerability Data

C. Kapelinski, D. Lautert, B. Machado, I. G. Ferrão, D. Kreutz · UNIPAMPA / UBO

GPU-accelerated NER + LRU cache + streaming I/O + anonymization_config. 70,951 records (550 MB) in <10 min. 94.2% F1, 96.7% Recall.

94.2% F1 96.7% Recall 738× faster <10 min / 550 MB 70,951 records On-premise

GitHub ↗

Team

Built by researchers

Cristhian Kapelinski UNIPAMPA

Douglas Lautert UNIPAMPA

Beatriz Machado UNIPAMPA

Diego Kreutz UNIPAMPA

Isadora G. Ferrão UBO

Universidade Federal do Pampa (UNIPAMPA) · Université de Bretagne Occidentale (UBO)

Ready to get started?

No sign-up, no cloud, self-hostable.

Launch AnonShield → [email protected]