AI Pulse

Agent PII Sentinel

A proxy layer that intercepts and redacts PII before an autonomous web agent submits it to any endpoint.

Difficulty: weekend | Stack: Python, mitmproxy, Playwright, spaCy, FastAPI

Who this is for

Developers building web automation agents who want a drop-in safety net: a hostile or compromised page (a phishing-style redirect, or instructions injected into page content) can talk the agent into typing a user's SSN or card number into a form, and the sentinel stops that submission at the network edge regardless of what the agent decided.

Build steps

  1. Stand up a mitmproxy addon that intercepts every outbound POST/PUT/PATCH request made by a Playwright-driven browser agent (the browser context must be pointed at the proxy and trust the mitmproxy CA) and holds the request body in memory for scanning; do not write raw bodies to disk, or the sentinel becomes a second place the PII can leak from.
  2. Integrate spaCy's NER pipeline, plus regex patterns for SSN, credit card and phone numbers backed by validators (Luhn check for card numbers, SSA structural rules for SSNs) to cut false positives, and scan each field of JSON and form-encoded payloads before they leave the machine.
  3. If blocking-grade PII is detected, answer the request locally with a synthetic 403 instead of forwarding it, keep only a redacted copy of the body, and emit a structured alert (JSON) including the offending URL, field name and PII category, never the raw value.
  4. Build a small FastAPI dashboard that streams live alerts so a developer can see in real time which sites triggered the sentinel during an agent run.
  5. Write a test suite using a local Flask ‘scam site’ that asks for SSN and card number, and assert that the sentinel blocks every one of those submissions while allowing benign form data (names, addresses, order ids that fail the Luhn check) through.
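The detection, redaction, alerting and blocking core of steps 1 to 3, as an added example that is not code from the AI Pulse page or from any existing project. The regex detectors with Luhn/SSA validation, the `Finding` type, the alert-only policy for phone numbers, the field names and the `scam.example` URL are this example's own choices; the mitmproxy hooks (`request`, `flow.request.get_text`, `http.Response.make`) are the mitmproxy addon API as the editor knows it and only run when the file is loaded with `mitmdump -s sentinel.py`, so the import is guarded. spaCy NER is left out so the block runs offline; it would be a fourth detector alongside the regex ones.

```python
"""Agent PII Sentinel core (added example): scan, redact, alert, block."""
import json
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl

try:
    from mitmproxy import http  # only needed when loaded with `mitmdump -s sentinel.py`
except ImportError:  # offline run without mitmproxy installed
    http = None


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random 13-19 digit strings (order ids, tracking numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def ssn_ok(area: str, group: str, serial: str) -> bool:
    """SSA structural rules: area 000/666/9xx, group 00 and serial 0000 are never issued."""
    return not (area in ("000", "666") or area.startswith("9")
                or group == "00" or serial == "0000")


# category -> (pattern, validator over the match, action). PHONE is alert-only
# because a bare 10-digit pattern collides with order numbers; tune per deployment.
DETECTORS = {
    "SSN": (re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
            lambda m: ssn_ok(m.group(1), m.group(2), m.group(3)), "block"),
    "CREDIT_CARD": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
                    lambda m: luhn_ok(re.sub(r"\D", "", m.group(0))), "block"),
    "PHONE": (re.compile(r"\(?\b\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b"),
              lambda m: True, "alert"),
}


@dataclass(frozen=True)
class Finding:
    field: str      # form field name or dotted JSON path, never the value
    category: str
    action: str     # "block" or "alert"


def detect(value: str) -> list[str]:
    """Categories whose validated pattern occurs in one field value."""
    return [name for name, (pat, valid, _) in DETECTORS.items()
            if any(valid(m) for m in pat.finditer(value))]


def _flatten(obj, path=""):
    """Yield (dotted.path, string value) pairs from nested JSON."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _flatten(v, f"{path}.{k}" if path else str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _flatten(v, f"{path}[{i}]")
    else:
        yield path, "" if obj is None else str(obj)


def parse_fields(content_type: str, body: str) -> list[tuple[str, str]]:
    """Split a JSON or form-encoded body into (field, value); anything else is one opaque field."""
    if "application/json" in content_type:
        try:
            return list(_flatten(json.loads(body)))
        except json.JSONDecodeError:
            pass
    elif "application/x-www-form-urlencoded" in content_type:
        return parse_qsl(body, keep_blank_values=True)
    return [("<body>", body)]


def scan_payload(content_type: str, body: str) -> list[Finding]:
    return [Finding(field, cat, DETECTORS[cat][2])
            for field, value in parse_fields(content_type, body)
            for cat in detect(value)]


def should_block(findings: list[Finding]) -> bool:
    return any(f.action == "block" for f in findings)


def redact_payload(body: str, findings: list[Finding]) -> str:
    """Copy of the body with every validated match of a found category replaced; safe to log."""
    for cat in {f.category for f in findings}:
        pat, valid, _ = DETECTORS[cat]
        body = pat.sub(lambda m, c=cat: f"[{c}]" if valid(m) else m.group(0), body)
    return body


def build_alerts(url: str, findings: list[Finding]) -> list[dict]:
    """Structured alerts for the dashboard: where and which category, never the raw value."""
    return [{"url": url, "field": f.field, "category": f.category, "action": f.action}
            for f in findings]


class Sentinel:
    """mitmproxy addon: runs on every request the Playwright browser sends through the proxy."""

    def __init__(self, sink=print):
        self.sink = sink  # swap for a queue feeding the FastAPI dashboard

    def request(self, flow):
        if flow.request.method not in ("POST", "PUT", "PATCH"):
            return
        body = flow.request.get_text(strict=False) or ""
        findings = scan_payload(flow.request.headers.get("content-type", ""), body)
        for alert in build_alerts(flow.request.pretty_url, findings):
            self.sink(json.dumps(alert))
        if should_block(findings):  # answer the agent locally; the bytes never leave the box
            flow.response = http.Response.make(
                403, b'{"error": "blocked by pii sentinel"}', {"Content-Type": "application/json"})


addons = [Sentinel()]
```

Validation is what keeps the regex layer usable: `4111111111111112` looks like a card number but fails Luhn and passes through, while `4111111111111111` is blocked. Phone numbers only raise an alert, which is the block/allow threshold the Risks section says has to be tuned; flipping `"alert"` to `"block"` in `DETECTORS` is the whole change.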

Risks

  • TLS interception only works if the Playwright browser context is routed through the proxy and trusts the mitmproxy CA; sites that pin certificates (or embedded clients the browser launches) fail under interception and need a per-host passthrough rule, which also means traffic to those hosts goes unscanned.
  • spaCy NER misses PII formats it was not trained on (e.g., IBAN, passport numbers) and flags benign numeric strings, so the regex layer needs validators (Luhn for card numbers, SSA structural rules for SSNs) and the per-category block/alert policy needs tuning per deployment.
  • A page's scripts can base64-encode, split across fields, or encrypt client-side a value before submission, so wire-level pattern matching is a safety net rather than a guarantee.
  • Intercepting at the network layer adds measurable latency (roughly 50-200 ms per request), which can cause timeout failures in time-sensitive agent tasks.

Business Angle

A drop-in PII firewall for Python web agents that blocks sensitive data exfiltration before it leaves the machine

Customer: Solo developer or two-person team building browser-automation products (job-apply bots, AI assistants that book appointments, RPA tools) who have paying users and are starting to worry about liability if the agent leaks a user's SSN or credit card to a phishing-style redirect.

Pricing: saas-mrr — $800 MRR in 4 months (16 teams × $49/mo solo tier)
