Anonymization
Before sending any data to an external AI provider, Vulnotes automatically anonymizes sensitive information. This protects your clients' confidential data even when using cloud-based AI services.
What gets anonymized
The anonymization engine replaces the following types of data with generic placeholders before the AI request is sent:
- Company names - replaced with generic identifiers
- IP addresses - replaced with example IPs
- Domain names and URLs - replaced with example domains
- Email addresses - replaced with generic emails
- Person names - replaced with placeholder names
After the AI generates its response, the placeholders are swapped back with the original values. The result reads naturally with your actual client information, but the AI provider never saw it.
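The replace-and-restore round trip described above, as an added example that is not Vulnotes' own code. The regexes, placeholder formats, function names and the caller-supplied known_names list are assumptions, and the sample finding is constructed.

```python
import re

# (kind, regex) pairs; emails come before domains because they contain one.
DETECTORS = [
    ("email", r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    ("ip", r"(?:\d{1,3}\.){3}\d{1,3}"),
    ("domain", r"(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}"),
]
# Constructed placeholder templates using reserved documentation values.
FAKE = {
    "name": "Entity{n}",
    "email": "user{n}@example.com",
    "ip": "192.0.2.{n}",  # RFC 5737 TEST-NET-1
    "domain": "host{n}.example.org",
}

def anonymize(text, known_names=()):
    """Return (anonymized text, {placeholder: original})."""
    parts = list(DETECTORS)
    if known_names:
        # Names cannot be found by regex; the caller supplies them (assumption).
        names = sorted(known_names, key=len, reverse=True)
        parts.insert(0, ("name", "|".join(map(re.escape, names))))
    # Single pass: an inserted placeholder is never re-scanned and re-matched.
    pattern = re.compile("|".join(f"(?P<{k}>\\b(?:{p})\\b)" for k, p in parts))
    forward, reverse, counts = {}, {}, {}

    def swap(m):
        kind, value = m.lastgroup, m.group(0)
        if value not in forward:  # same value -> same placeholder every time
            counts[kind] = counts.get(kind, 0) + 1
            forward[value] = FAKE[kind].format(n=counts[kind])
            reverse[forward[value]] = value
        return forward[value]

    return pattern.sub(swap, text), reverse

def restore(text, reverse):
    """Swap placeholders in the AI response back to the original values."""
    if not reverse:
        return text
    # \b stops "192.0.2.1" from matching inside "192.0.2.10".
    pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, reverse)) + r")\b")
    return pattern.sub(lambda m: reverse[m.group(0)], text)

# Constructed sample finding; SAFE is what would leave the network.
FINDING = ("Acme Corp exposes SSH on 10.20.30.40 (vpn.acme-corp.com). "
           "Contact j.doe@acme-corp.com; 10.20.30.40 also runs Telnet.")
SAFE, MAPPING = anonymize(FINDING, known_names=["Acme Corp"])
```

The mapping stays on the sender's side and is applied only to the response, which is why a repeated value must always receive the same placeholder.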
Why it matters
When you use a cloud AI provider (OpenAI, Anthropic, Mistral, etc.), the content you send leaves your infrastructure. Even if these providers have privacy policies and data handling agreements, anonymization adds an extra layer of protection.
This is especially important for penetration testing reports, which by nature contain sensitive information about client infrastructure, vulnerabilities, and security posture.
Fully local alternative
If anonymization is not sufficient for your security requirements, you can configure Vulnotes to use a self-hosted AI provider, so no data ever leaves your network.
See AI Provider Configuration for setup instructions.
