Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Other Masking Method

While JSONPath is excellent for finding and masking specific JSON keys (e.g., $..password), it is not the only solution, and in the context of AI and MCP (Model Context Protocol), relying solely on JSONPath is actually dangerous.

Here is why: JSONPath only understands the structure of the data. If a user sends a prompt to an AI model that looks like this:

{
  "user_prompt": "Hi, my name is John Doe and my SSN is 123-45-678. Can you help me?"
}

JSONPath cannot help you here unless you drop the entire user_prompt field, which defeats the purpose of the AI call. The PII is embedded inside unstructured text.

To fully fulfill your Privacy & Data Masking requirement, here are the alternative and complementary solutions used in the industry, ranging from simple to advanced.

1. Pattern Matching (Regular Expressions)

Instead of searching for JSON keys, you scan the raw JSON string (or specific string values) for known patterns of sensitive data.

  • How it works: You run Regex patterns for Credit Cards, SSNs, Emails, Phone Numbers, and IP addresses across the payload and replace matches with ***.
  • Pros:
    • Catches PII embedded inside unstructured text (e.g., inside an LLM prompt).
    • Very fast to execute.
  • Cons:
    • Cannot detect names, physical addresses, or context-specific secrets easily.
    • High risk of false positives (e.g., catching a 9-digit product ID and thinking it’s an SSN).

2. Named Entity Recognition (NER) / NLP-based Masking

This is the gold standard for AI-facing API gateways. You use a lightweight, local Natural Language Processing (NLP) model to read the text and intelligently identify entities.

  • How it works: Libraries like Microsoft Presidio (open-source, widely used for AI data masking) or spaCy analyze the text. They understand context, so they know “John Doe” is a PERSON and “Seattle” is a LOCATION.
  • Pros:
    • Incredible accuracy for unstructured text.
    • Catches complex PII like names, addresses, and organizations.
  • Cons:
    • Requires running an NLP engine (adds computational overhead/latency).
    • Overkill if your payloads are strictly structured machine-to-machine data.

3. Schema-Driven Masking (OpenAPI / JSON Schema)

Since I see you are working within the NetworkNT ecosystem (a framework heavily driven by OpenAPI specifications), this is a highly native alternative to JSONPath.

  • How it works: Instead of evaluating paths at runtime, you define what is sensitive directly in your openapi.yaml using vendor extensions (e.g., x-mask: true or x-pii: true). 
    properties:
  socialSecurity:
    type: string
    x-mask: true
    During the request/response lifecycle, your middleware checks the OpenAPI schema tree (which is already parsed and cached) and masks the corresponding fields during serialization/deserialization.
  • Pros:
    • Much faster than JSONPath, because you aren’t doing deep-scans on every request.
    • Centralized governance (Security teams can look at the OpenAPI spec and immediately know what is masked).
  • Cons:
    • Only works if you have a strict schema. If the AI hallucinates a new field or uses dynamic tool-call arguments, the schema might not catch it.

4. Cloud Data Loss Prevention (DLP) APIs

If you don’t want to build the masking engine yourself, you can offload it to a dedicated cloud service.

  • How it works: You send the payload to Google Cloud DLP, AWS Macie, or Nightfall AI. They scan it, mask the PII using their massive AI models, and return the safe payload.
  • Pros: Enterprise-grade accuracy. Low maintenance.
  • Cons: Adds significant network latency to every MCP call. Costs money per API call.

Recommendation for your MCP Mask Module

For an MCP (Model Context Protocol) tool/call, the data usually flows in two ways:

  1. Strictly structured data: (The AI calling a tool with specific JSON arguments).
  2. Unstructured data: (The user’s prompt, or the AI’s textual response).

The best architectural approach is a Hybrid System:

  1. Use JSONPath (or Schema-Driven Masking) for the Structure: Use this to aggressively drop or mask known sensitive keys (e.g., $..password, $..api_key, $..credit_card). This is your first line of defense.
  2. Use Regex/Presidio for the Values: For the remaining text fields (like arguments.user_input or content.text), run a Regex or NER scanner to catch PII (SSNs, emails, names) that a user might have accidentally typed into the free-text prompt before it hits the LLM.

If you must choose just one simple, zero-dependency alternative to JSONPath that catches unstructured data, Regular Expressions applied only to JSON string values is the most common starting point.