Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

RedacBench: Can AI Erase Your Secrets?

Hyunjun Jeon, Kyuyoung Kim, Jinwoo Shin

Abstract

Modern language models can readily extract sensitive information from unstructured text, making redaction -- the selective removal of such information -- critical for data security. However, existing benchmarks for redaction typically focus on predefined categories of data such as personally identifiable information (PII) or evaluate specific techniques like masking. To address this limitation, we introduce RedacBench, a comprehensive benchmark for evaluating policy-conditioned redaction across domains and strategies. Constructed from 514 human-authored texts spanning individual, corporate, and government sources, paired with 187 security policies, RedacBench measures a model's ability to selectively remove policy-violating information while preserving the original semantics. We quantify performance using 8,053 annotated propositions that capture all inferable information in each text. This enables assessment of both security -- the removal of sensitive propositions -- and utility -- the preservation of non-sensitive propositions. Experiments across multiple redaction strategies and state-of-the-art language models show that while more advanced models can improve security, preserving utility remains a challenge. To facilitate future research, we release RedacBench along with a web-based playground for dataset customization and evaluation. Available at https://hyunjunian.github.io/redaction-playground/.

RedacBench: Can AI Erase Your Secrets?

Abstract

Modern language models can readily extract sensitive information from unstructured text, making redaction -- the selective removal of such information -- critical for data security. However, existing benchmarks for redaction typically focus on predefined categories of data such as personally identifiable information (PII) or evaluate specific techniques like masking. To address this limitation, we introduce RedacBench, a comprehensive benchmark for evaluating policy-conditioned redaction across domains and strategies. Constructed from 514 human-authored texts spanning individual, corporate, and government sources, paired with 187 security policies, RedacBench measures a model's ability to selectively remove policy-violating information while preserving the original semantics. We quantify performance using 8,053 annotated propositions that capture all inferable information in each text. This enables assessment of both security -- the removal of sensitive propositions -- and utility -- the preservation of non-sensitive propositions. Experiments across multiple redaction strategies and state-of-the-art language models show that while more advanced models can improve security, preserving utility remains a challenge. To facilitate future research, we release RedacBench along with a web-based playground for dataset customization and evaluation. Available at https://hyunjunian.github.io/redaction-playground/.
Paper Structure (32 sections, 3 figures, 7 tables)

This paper contains 32 sections, 3 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Benchmark
  3. Task Definition
  4. Evaluation Framework
  5. Dataset Construction
  6. Original Texts.
  7. Propositions.
  8. Policies.
  9. Evaluation
  10. Redaction Methods
  11. Evaluation Model
  12. False Negative Rate.
  13. False Positive Rate.
  14. Results
  15. Related Work
  16. ...and 17 more sections

Figures (3)

  • Figure 1: Conceptual illustration of the RedacBench. First, the target solution performs redaction on the given text according to the specified security policy. Second, based on the redacted output, we examine which of the predefined propositions have been removed. Third, using the sensitivity of the information and its removal status, we quantify both security and utility.
  • Figure 2: Utility-security trade-off graphs. (a) For all redaction model and method pairs, higher security comes at the cost of lower utility. (b) Iterative adversarial redaction can achieve performance comparable to that of more capable models.
  • Figure 3: Utility-security trade-off graphs. (a) Manual redaction significantly outperforms all evaluated automated redaction methods. (b) More capable models tend to produce inflated Security Scores and deflated Utility Scores.