AnonShield On-premise PII pseudonymization, built for CSIRTs.

Redact sensitive entities before sharing security data. Zero cloud, zero persistence: everything runs inside your network, processed in-memory and deleted on the spot.

Live demo runs entirely in your browser
Mode

Reversible: each entity becomes a stable token. With the secret key you can re-identify and keep correlations across documents.

Input editable: type to test
Output 10 entities redacted
Meeting notes: Q4 Security Review Attendees: Sarah Chen ([EMAIL-2g07bt]), Marcus Rodriguez Phone: [PHONE-b0hxs5] · Alt: [PHONE-6i11m8] Action items: • Card on file: [CREDIT·CARD-fj28wp] (exp. 09/27) • Migrate server [IP·ADDRESS-ev73g9] → new host at [IP·ADDRESS-63vl0e] • Patch [CVE·ID-aa8y9z] before Friday • API token: [AUTH·TOKEN-x5p27n] • Leaked URL: [URL-e1ebcm] • File hash: [HASH-s5gyw4]
PHONE 2
IP_ADDRESS 2
EMAIL 1
CREDIT_CARD 1
CVE_ID 1
AUTH_TOKEN 1
URL 1
HASH 1

Mode trade-offs

Reversible Yes, with key
Correlation Preserved
Privacy High
Launch the app View the slides No account · No upload · Open source

Five stages, zero data left behind Click any stage to inspect it

Ingest Read any format
Detect NER + regex
Hash HMAC-SHA256
Replace Typed tokens
Deliver Download & purge

Nothing is written to disk. The original is processed in memory and discarded the moment your file is ready.

738× faster, over 92 h reduced to under 10 min
94.2% F1 score
96.4% recall
550MB processed in under 10 minutes
0 bytes sent to the cloud
1MB max file size in this demo
Supported formats
TXTCSVJSONJSONLPDFDOCXXLSXXMLZIPPNGJPGTIFFBMPWEBP

Best Artifact Award at SBRC 2026

AnonShield was selected as the best artifact of the entire conference, and earned all four SBC reproducibility seals.

SBC reproducibility seals

Available seal (SBC)
Available
Functional seal (SBC)
Functional
Reproducible seal (SBC)
Reproducible
Sustainable seal (SBC)
Sustainable

Three generations, one mission

From AnonLFI to AnonShield: a peer-reviewed evolution toward scalable, on-premise pseudonymization for CSIRTs.

1
SBSeg 2025 AnonLFI v1.0

Anonimização de Incidentes de Segurança com Reidentificação Controlada

Carolina Tompsen Bandel (SENAC EAD), João Pedro Ramires Esteves (UFU), Kalian Pereira Guerra (UFRGS), Leandro M. Bertholdo (UFRGS), Diego Kreutz (UNIPAMPA), Rodrigo S. Miani (UFU)

Natural-language incident reports, anonymized for safe LLM use with controlled re-identification

100% Precision 97.38% efficacy 763 incidents Controlled re-identification NER + regex On-premise
2
WRSeg / ERRC 2025 AnonLFI v2.0

AnonLFI 2.0: Extensible Architecture for PII Pseudonymization in CSIRTs with OCR and Technical Recognizers

Cristhian Kapelinski (UNIPAMPA), Douglas Lautert (UNIPAMPA), Beatriz Machado (UNIPAMPA), Diego Kreutz (UNIPAMPA)

Reversible pseudonymization with OCR and technical recognizers, preserving XML and JSON structure

100% Precision 92.13% F1 (OpenVAS XML) 76.5% F1 (OCR / PDF) Reversible (HMAC-SHA256) XML / JSON structure preserved On-premise
3
SBRC 2026 AnonShield ← You are here

AnonShield: Scalable On-Premise Pseudonymization for CSIRT Vulnerability Data

Cristhian Kapelinski (UNIPAMPA), Douglas Lautert (UNIPAMPA), Beatriz Machado (UNIPAMPA), Isadora Garcia Ferrão (UBO), Diego Kreutz (UNIPAMPA)

GPU-accelerated, streaming pseudonymization of network vulnerability scans at scale

94.2% F1 96.4% Recall 738× faster 92h to <10 min 550 MB / 70,951 records GPU-accelerated NER On-premise

Built by researchers, for CSIRTs

Cristhian Kapelinski UNIPAMPA
Douglas Lautert UNIPAMPA
Beatriz Machado UNIPAMPA
Diego Kreutz UNIPAMPA
Isadora G. Ferrão UBO
Carolina Tompsen Bandel SENAC EAD
João Pedro Ramires Esteves UFU
Kalian Pereira Guerra UFRGS
Leandro M. Bertholdo UFRGS
Rodrigo S. Miani UFU

Developed at UNIPAMPA in collaboration with UBO (Université de Bretagne Occidentale), UFU, UFRGS, and SENAC.

Ready to anonymize your data?

Run it on-premise in seconds. No account, no upload, no data ever leaves your network.

Launch the app [email protected]