OpenAI Releases Privacy Filter for PII Masking

OpenAI released Privacy Filter, an open-weight model for detecting and masking personally identifiable information in text. The model is available under the Apache 2.0 license on GitHub and Hugging Face as openai/privacy-filter. It is 1.5B parameters total with 50M active parameters and supports a 128,000-token context window. The implementation ships with a CLI called opf and example code for on-device and local deployment.

Privacy Filter is pretrained autoregressively to a checkpoint similar to gpt-oss, then converted into a bidirectional token classifier and post-trained with supervised classification loss. Instead of autoregressive generation, the model labels an input sequence in a single forward pass and decodes coherent spans using a constrained Viterbi procedure. For each token the model outputs a probability distribution over an 8-class privacy taxonomy. The repository and model card highlight runtime controls and operating points so teams can tune precision/recall and span-length behavior.

• •Deployment targets: web browsers, laptops, on-prem environments, GPU and CPU runtimes via the provided opf CLI and transformers integration.
• •Key capabilities: permissive license, fine-tunability, long-context processing, runtime precision/recall presets.
• •Interfaces: pipeline token-classification usage and AutoModelForTokenClassification examples for easy integration.

This release reintroduces an open-weight, production-oriented tool from OpenAI focused explicitly on privacy-first preprocessing. Data engineers, MLops, and security teams often rely on ad-hoc regexes or NER models that fail on edge cases and long documents; a purpose-built, context-aware model with a 128k token window reduces the need for chunking and centralizes sanitization before any cloud transit. The permissive Apache 2.0 license makes Privacy Filter attractive for enterprise deployments, auditors, and projects that require code inspection or modification. The small active-parameter footprint and browser/laptop runtime profile signal a deliberate tradeoff toward on-device inference and low-latency, high-throughput pipelines.

Privacy Filter is ready to slot into ETL, data labeling, and training-data sanitization flows where preventing PII leakage is critical for compliance and model safety. Fine-tuning support means teams can adapt labels for domain-specific PII (medical identifiers, account IDs, proprietary codes). The runtime operating points let you tune for fewer false positives when preserving utility matters or higher recall when regulatory risk is paramount.

Evaluate the model on your domain data for false positives and negatives, especially for ambiguous spans and contextual identifiers. Monitor how the community leverages fine-tuning to extend the 8-class taxonomy and whether upstream explanations emerge about the active-parameter mechanism. Adoption will depend on benchmark comparisons with established NER and redaction pipelines and on integration work for streaming or batch sanitization in existing data stacks.

Privacy Filter is a practical, open-weight PII masking model optimized for local-first deployments and high-throughput sanitization. It lowers the bar for teams that must keep sensitive text off cloud services while offering tunability and a long-context advantage.