Substitution and Reconstitution
Substitution and reconstitution is the technique of replacing sensitive values in a prompt with reversible tokens before transmission, then restoring the original values in the model's response on the return path.
The substitution step happens at prompt time, inside the user's network boundary. A pattern matcher identifies sensitive entities — names, account numbers, medical record numbers, contract terms, custom-defined patterns — and replaces each with a stable token (for example, PERSON_001, ACCOUNT_002).
The model receives a prompt that contains only tokens and surrounding context. The model's response, which references those tokens, is then reconstituted: each token is mapped back to its original value before the response is shown to the authorized user.
The result is that the model can reason about the structure and relationships in the data without ever seeing the protected values. Every substitution and reconstitution is logged at the prompt level for audit.
An AI Firewall is a software layer that detects and redacts sensitive data — PII, PHI, trade secrets, or custom entity types — from a prompt before it leaves your network boundary and reaches any AI model.
Prompt-time PII redaction is the removal or substitution of personally identifiable information from an AI prompt before it leaves the user's network, so the model and its provider never receive the original values.