OpenAI 剛剛開源了一款工具，能在 ChatGPT 讀取資料前先清除其中的機密資訊

📄完整原文· 由 trafilatura 自動擷取5157 字

In brief - OpenAI released Privacy Filter under Apache 2.0 on GitHub and Hugging Face. - The 1.5 billion-parameter model runs locally and masks names, addresses, and passwords. - It hits 96% F1 on the standard PII-Masking-300k benchmark out of the box. Every day, millions of people paste things into ChatGPT they probably shouldn't. Tax returns. Medical records. Work emails with client names. That weird rash. The API key they swore they'd rotate next week. OpenAI just released a free tool that cleans all of it up before the chatbot ever sees it. It's called Privacy Filter, and it launched this week under the Apache 2.0 license, meaning anyone can download it, use it, modify it, and sell products built on top of it. The model lives on Hugging Face and GitHub, weighs in at 1.5 billion parameters (the metric that measures a model’s potential breadth of knowledge), and is small enough to run on a regular laptop. Think of it as spellcheck, but for privacy. You feed it a block of text, and it hands back the same text with all the sensitive bits swapped for generic placeholders like [PRIVATE_PERSON] or [ACCOUNT_NUMBER]. Remember when people were able to unredact parts of the Jeffrey Epstein files because the Donald Trump administration simply used a black marker to try to hide those secrets? Had they used this model, that wouldn’t have been a problem. What OpenAI's Privacy Filter actually does Privacy Filter scans for eight categories of personal information: names, addresses, emails, phone numbers, URLs, dates, account numbers, and secrets like passwords and API keys. It reads the whole text in one pass, then tags the sensitive parts so they can be masked or redacted. Here's a real example from OpenAI's announcement. You paste in an email that says: "Thanks again for meeting earlier today. (...) For reference, the project file is listed under 4829-1037-5581. If anything changes on your side, feel free to reply here at [email protected] or call me at +1 (415) 555-0124.." Privacy Filter spits back: "Thanks again for meeting earlier today (...) For reference, the project file is listed under [ACCOUNT_NUMBER]. If anything changes on your side, feel free to reply here at [PRIVATE_EMAIL] or call me at [PRIVATE_PHONE]." Instead of dealing with black boxes and markers, it changes the actual text. Plenty of tools already try to catch phone numbers and email addresses. They work by looking for patterns, like "three digits, dash, three digits." That's fine for obvious stuff but falls apart the second things get context-dependent. Is "Annie" a private name or a brand? Is "123 Main Street" a person's home or a business address on a storefront? Pattern matching can't tell. Privacy Filter can, because it actually reads the sentence around it. The model seems to be pretty good at detecting these nuances. OpenAI reports its model scored 96% on a standard benchmark using the PII-Masking-300k dataset out of the box, with a corrected version of the same test pushing it to 97.43%. In other words, it successfully detects private information 96% of the time. Your job, as a privacy-conscious person is to take care of the other 4% The "runs locally" part is the whole point Privacy nerds may see this as a good thing: OpenAI made a model small and powerful enough to run on your machine, meaning your text never leaves your computer to get cleaned. That matters because the alternative, the one most companies currently use, is sending your raw data to some cloud service that claims to be secure and then trusting them. That arrangement does not always age well. It’s also free and open source, so researchers can investigate it, improve it, and use it without worrying about legal consequences. The data gets sanitized on your laptop, and only the scrubbed version travels anywhere else. If you run a small business, it means you can use AI to summarize customer emails without handing the customer's name to a third party. Freelance lawyers can feed case notes into a chatbot without leaking the client. Doctors can draft patient referrals without the patient's identity. Developers can debug code with an AI without pasting their own API keys straight into the prompt, which is apparently a rite of passage nobody talks about. For regular people, the use case is more mundane and more common. You want to ask ChatGPT to rewrite that angry email to your landlord, but you don't love the idea of handing OpenAI your home address. Privacy Filter solves that in one step. Running open-source AI models locally used to be a project for hobbyists with gaming GPUs. It isn't anymore. Tools like LM Studio now make it roughly as hard as installing Spotify. What it is not OpenAI was blunt about the limits. The company warned that Privacy Filter "is not an anonymization tool, a compliance certification, or a substitute for policy review." Translation: don't use it as your only line of defense in a hospital, law firm, or bank. It can miss unusual identifiers, over-redact short sentences, and performs unevenly across languages. It is one tool in a stack, not a compliance checkbox. After all, 96% accuracy is not 100% accuracy.

資料狀態✓ 已擷取全文閱讀原文（Decrypt）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-23

OpenAI 推出醫療版 ChatGPT for Clinicians，99.6% 準確率協助人類醫師（美國免費開放）

相似度 130%關鍵字 openai/chatgpt

2026-04-22

OpenAI 在 ChatGPT 中推出 Workspace Agents 功能

相似度 130%關鍵字 openai/chatgpt

2026-04-21

OpenAI 推出 ChatGPT Images 2.0：文字渲染大進化、支援多圖生成，但「中文生成」仍卡關

相似度 130%關鍵字 openai/chatgpt

2026-04-20

ChatGPT 幕後推手 Srinivas Narayanan 閃辭 OpenAI，一週三已有高層出走

相似度 130%關鍵字 openai/chatgpt

2026-04-17

Ethereum 剛剛經歷了有史以來最繁忙的一季，為三年的復甦畫下句點。

相似度 130%關鍵字 just/ever

2026-04-22

Cardano 的 Leios 升級與 Bitcoin DeFi 工具 Pogun 成為 Input Output 2026 年資助計畫的焦點

相似度 120%關鍵字 tool同分類 hot

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：58aabe8edb

來源：Decrypt

發佈：2026-04-22 15:56:25

分類：hot · 導出分類 hot

標的：未指定

社群投票：+0 / −0 · ⭐ 1 重要 · 💬 0 留言