- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- About licensing
- Unified Pricing: Licensing plan framework
- Flex: Licensing plan framework
- Activating your Enterprise license
- Upgrading and downgrading licenses
- License migration
- Requesting a service trial
- Assigning licenses to tenants
- Assigning user licenses
- Deallocating user licenses
- Monitoring license allocation
- License overallocation
- Licensing notifications
- User license management
- Tenants and services
- Accounts and roles
- Testing in your organization
- AI Trust Layer
- External applications
- Notifications
- Logging
- Troubleshooting
- Migrating to Automation Cloud
Automation Cloud admin guide
PII in-flight masking enhances the AI Trust Layer by ensuring that personally identifiable information (PII) is pseudonymized before reaching Large Language Models (LLMs) used in generative AI features. By intercepting and masking sensitive entities during runtime, this helps preserve data privacy and support compliance requirements, without interrupting automation flows or degrading LLM performance.
person_1, email_1) prior to
transmission. Once the LLM returns a response, the system automatically rehydrates the
original PII into the output, ensuring a seamless experience for users and downstream
systems.
PII in-flight masking is currently supported in:
- Autonomous agents: Input routed through LLMs during agent execution.
- Gen AI Activities: Rewrite Text, Summarize, Semantic Matching activities.
PII in-flight masking is a four-step process that ensures sensitive data is never exposed to the LLM during processing:
- Detection – The system scans user input and identifies personally identifiable information (PII) using language-specific entity recognition models.
- Pseudonymization – Detected PII
entities are replaced with anonymized, context-aware placeholders (e.g.,
John Doe→person_1,123-456-7890→phone_1). This allows the LLM to process the input safely, without accessing real PII. - LLM interaction – The masked prompt is sent to the LLM. Since no actual PII is included, this step preserves privacy while still enabling accurate and useful responses.
- Rehydration – After the LLM returns a response, the system automatically substitutes each placeholder with the original PII. This ensures the final output retains full context and accuracy, with no loss of information.
Example transformation:
- Input: "Call John Doe at 123-456-7890."
- Sent to LLM: "Call person_1 at phone_1."
- Output: "Calling John Doe at 123-456-7890."
PII in-flight masking is available on the following licensing plans:
- Flex Pricing plan: Enterprise – Standard and Advanced tiers.
- Unified Pricing plan: Standard, Enterprise, App Test Platform Standard, App Test Platform Enterprise.
If you enable PII in-flight masking without an eligible tier entitlement, your agents will fail. The entitlement enforcement mechanism blocks data processing, leading to failures and workflow interruptions. This behavior is intentional — it prevents you from assuming that PII masking is active when, in reality, sensitive data might still be sent to language models.
To avoid disruptions, ensure your organization is on a supported tier before enabling PII in-flight masking.
To maintain service stability and ensure consistent performance, each tenant is limited to 200 LLM requests with PII per minute. This helps prevent excessive traffic from affecting overall service availability.
If a tenant exceeds this threshold, additional requests will be temporarily throttled and will receive a HTTP 429 ("PII Masking rate limits exceeded. Please try again later”) response. The limit automatically resets after one minute, allowing requests to resume once usage is within the allowed rate.
To enable PII masking, follow these steps:
- Navigate to Admin > AI Trust Layer > AI Governance > Add Policy.
- Create a new AI Trust Layer policy or edit an existing one.
- By default, PII in-flight masking is
disabled for both UiPath Gen AI activities and Agents. You must explicitly enable it for
one or both product types using the dedicated toggles:
- Enable PII Masking for Agents
- Enable PII Masking for UiPath Gen AI activities
-
Once enabled, the list of supported PII entities becomes visible in the configuration panel. Masking is applied only to the entities you explicitly configure.
-
For each entity, you can:
- Choose the PII category (e.g.,
USSocialSecurityNumber,URL,IPAddress, etc.). - Enable or disable masking for that entity.
- Set a confidence threshold for
detection. Only data detected above this threshold will be masked. The default
confidence threshold is set to 0.5. Changing this threshold affects the detection
behavior as follows:
- Increase threshold: Detection is more selective. It is less likely to mistakenly identify non-sensitive data as PII, but may overlook some valid entities.
- Decrease threshold: Detection is more permissive. It identifies more potential PII, but may also include content that is not actually sensitive.
- Choose the PII category (e.g.,
- Save your configuration after editing each entity. You can adjust or remove entities individually.
- Scope the policy by tenant, group, or user, depending on how broadly or narrowly you want the masking rules to apply.
The following table lists the PII entity types currently supported, along with the languages in which detection and pseudonymization are available.
| Category | Entity | Languages |
|---|---|---|
| General | Date
Can be used in for birth date, admission date, discharge or date of death. | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi |
| Phone number | en, es, fr, de, it, zh-hans, ja, ko, pt-pt pt-br | |
| EU GPS coordinates | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk | |
| en, es, fr, de, it, zh, ja, ko, pt-pt, pt-br, nl, sv, tr, hi | ||
| Person | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi | |
| Address | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi | |
| URL | en, es, fr, de, it, zh, ja, ko, pt-pt, pt-br, nl, sv, tr, hi | |
| IP address | en, es, fr, de, it, zh, ja, ko, pt-pt, pt-br, nl, sv, tr, hi | |
| Financial information | IBAN | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi |
| Credit card numbers | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi | |
| ABA routing number | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi | |
| Swift code | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, af, ca, da, el, ga, gl, ku, nl, no, ss, ro, sq, ur, ar, bg, bs, cy, fa, hr, id, mg, mk, ms, ps, ru, sl, so, sr, sw, am, as, cs, et, eu, fi, he, hu, km, lo, lt, lv, mr, my, ne, or, pa, pl, sk, th, uk, az, bn, gu, hy, ka, kk, kn, ky, ml, mn, ta, te, ug, uz, vi | |
| Country-specific | U.S. Bank Account Number | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk |
| U.S. Social Security Number (SSN) | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk | |
| U.S. Driver's License Number | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk | |
| U.S. or U.K. Passport Number | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk | |
| U.S. Individual Taxpayer Identification Number (ITIN) | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk | |
| U.K. Driver's License Number | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk | |
| U.K. Unique Taxpayer Reference Number | en, es, fr, de, it, pt-pt, pt-br, zh, ja, ko, nl, sv, tr, hi, da, nl, no, ro, ar, bg, hr, ms, ru, sl, cs, et, fi, he, hu, lv, sk, th, uk |