CADLP
Published · IEEE ICIRCA 2026 · IEEE Xplore

Stop sensitive data from reaching LLM APIs

CADLP is an open-source proxy layer that intercepts prompts sent to LLM APIs and detects, classifies, and redacts sensitive enterprise data before it leaves the organization. Four-stage pipeline, zero-retention audit logging, utility-preserving redaction.

4
detection stages in cascade pipeline
0
raw prompt content retained in audit logs
UPR
utility-preserving redaction keeps prompts useful
90
tests across unit and integration suites

How it works

The Contextual Sensitivity Classifier (CSC) runs four stages in cascade. Each stage emits a SensitivityMap that drives the Policy Engine, which issues an ALLOW, REDACT, BLOCK, or QUARANTINE decision before the prompt reaches the LLM API.

Prompt Input STAGE 1 Regex + Entropy Fast path credentials / PII STAGE 2 NER + Disambig. names / org codes context-aware STAGE 3 AST Code IP proprietary code import fingerprint STAGE 4 Semantic / KB TF-IDF similarity internal jargon Policy Engine Enterprise Prompt ALLOW / REDACT

1 Regex + Entropy (fast path)

High-confidence structured secrets: API keys, private keys, JWT tokens, SSNs, credit cards, email addresses, and high-entropy opaque strings. Handles ~75% of sensitive prompts with sub-millisecond latency.

2 NER + Disambiguation

Named entity recognition with operational vs. exemplary disambiguation. Entities in hypothetical examples are suppressed; entities in action-verb contexts are escalated. Catches person names, org codes, and ticket IDs.

3 AST Code IP Fingerprinting

Parses embedded code blocks, analyzes import graphs and identifier patterns against an internal symbol corpus. Flags proprietary code fragments that neither regex nor NER can detect.

4 Semantic / KB Similarity

TF-IDF cosine similarity against an internal terminology knowledge base identifies domain-specific jargon and project codenames that appear innocuous to general NER models but carry confidential meaning.

Why CADLP

Shadow AI is the defining enterprise data risk of this decade: employees using consumer LLM tools inadvertently expose credentials, PII, and proprietary code with no organizational visibility once it leaves the network boundary.

Detection coverage

Evaluated on the SEPAD-10K synthetic enterprise prompt benchmark.

Entity typeStageMethodConfidence
API Keys (OpenAI, AWS, etc.)1Regex0.95 – 0.99
Private Keys / JWTs1Regex0.95 – 1.00
SSN / Credit Cards / Email1Regex0.85 – 0.95
High-entropy Secrets1Shannon Entropyvariable
Person Names / Org Codes / Ticket IDs2NER + Disambiguation0.60 – 0.95
Proprietary Code Fragments3AST + Import Analysisvariable
Internal Terminology / Codenames4TF-IDF Similarityvariable

Quick start

Python 3.9+ required. No external dependencies for the base install.

pip install cadlp

from cadlp import ContextualSensitivityClassifier, UtilityPreservingRedactor
from cadlp.policy.engine import PolicyEngine, Action

csc    = ContextualSensitivityClassifier()
upr    = UtilityPreservingRedactor()
policy = PolicyEngine()

prompt   = "Please reset the password for alice@company.com. Her SSN is 234-56-7890."
smap     = csc.classify(prompt)
decision = policy.evaluate(smap)

if decision.action == Action.REDACT:
    result = upr.redact(smap)
    print(result.redacted_prompt)
    # "Please reset the password for [EMAIL_1]. Her SSN is [SSN_1]."

Citation

Gentyala, S. (2026). Contextual Sensitivity Classification and Utility-Preserving Redaction for Enterprise LLM Deployments. IEEE ICIRCA 2026.
IEEE Xplore: ieeexplore.ieee.org/abstract/document/11570292

Reference implementation: github.com/sunilgentyala/cadlp