The faster organizations adopt AI tools, the faster PII ends up in places it shouldn't be — pasted into prompts, logged by agent frameworks, exported into shared workspaces. Auditing for that exposure means scanning the artifacts those tools leave behind.
This guide walks through scanning a local directory of audit logs (or any other dump) for PII.
Prerequisites
- The Blue Lantern on-prem toolkit installed.
- Credits allocated (or auto-refresh enabled).
- A local directory you want to scan.
- A scan caps out at 500 credits (~$0.50) regardless of how many files are in scope.
Running the scan
bluelantern --target ./some-directory-to-scan run pii-scanner
Results land in /results in your configured data directory. Run bluelantern ui to browse them at http://localhost:9090/results.
What you'll do with the results
PII findings are a starting point, not an answer. The scanner identifies probable PII — names, emails, identifiers, credit-card-shaped strings, and so on — but classification context (is this customer data? employee data? test fixtures?) lives in your environment, not the scanner. Triage the report against what each directory is supposed to contain.
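One way to script that triage, as an added example that is not part of the Blue Lantern toolkit or its documentation. The finding records, the `EXPECTED` directory policy and all function names are assumptions; the record layout is constructed and is not the scanner's report format.

```python
# Added example. The finding records below are constructed and are NOT
# Blue Lantern's report format; map your real report fields onto them.

# Assumption: your own policy for which PII types each directory may hold.
EXPECTED = {
    "logs/agent": set(),                          # agent logs: no PII expected
    "exports/crm": {"name", "email"},             # customer export
    "tests/fixtures": {"name", "email", "card"},  # synthetic test data
}
# Widely published test card numbers: Luhn-valid, but not real accounts.
TEST_CARDS = {"4111111111111111", "4242424242424242"}

def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def expected_types(path: str) -> set:
    """PII types allowed under the longest matching directory prefix."""
    matches = [d for d in EXPECTED if path.startswith(d + "/")]
    return EXPECTED[max(matches, key=len)] if matches else set()

def triage(finding: dict) -> str:
    """Classify one finding as 'expected', 'likely-noise' or 'investigate'."""
    kind, value = finding["type"], finding["value"]
    if kind == "card":
        digits = "".join(c for c in value if c.isdigit())
        if not 13 <= len(digits) <= 19 or not luhn_ok(digits) or digits in TEST_CARDS:
            return "likely-noise"       # card-shaped, but not a plausible live number
    return "expected" if kind in expected_types(finding["path"]) else "investigate"

# Constructed sample findings (example.com addresses, no real data).
FINDINGS = [
    {"path": "logs/agent/run-01.jsonl", "type": "email", "value": "alice@example.com"},
    {"path": "exports/crm/contacts.csv", "type": "email", "value": "bob@example.com"},
    {"path": "logs/agent/run-02.jsonl", "type": "card", "value": "4111 1111 1111 1111"},
    {"path": "logs/agent/run-02.jsonl", "type": "card", "value": "1234 5678 9012 3456"},
    {"path": "logs/agent/run-03.jsonl", "type": "card", "value": "4539 1488 0343 6467"},
    {"path": "scratch/notes.txt", "type": "name", "value": "Carol Example"},
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{triage(f):13} {f['type']:6} {f['path']}")
```

Paths that match no entry in `EXPECTED` fall through to `investigate`, so a directory nobody has classified is never silently treated as acceptable.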
If you find PII that shouldn't be there, the next steps are usually: rotate any exposed credentials, scrub the source, and figure out how the data got there in the first place.