Skip to Content
Scanning & DetectionLLM Assist

LLM Assist

LLM Assist is an AI-powered feature that reduces false positives by sending borderline findings to a large language model for contextual analysis. It acts as a second opinion on findings where pattern-based classifiers alone cannot determine with high confidence whether data is truly sensitive.

How It Works

  1. Finding Triage — After classifiers run, findings with confidence scores in the configurable ambiguous range are flagged for AI review.
  2. Context Extraction — The system extracts a minimal context window around each flagged finding (surrounding text, file metadata, column headers for structured data).
  3. AI Query — The context is sent to the AI model with a structured prompt asking whether the detected data is genuinely sensitive.
  4. Confidence Adjustment — Based on the AI’s response, the finding’s confidence score is adjusted up (confirmed) or down (dismissed).
  5. Result Merge — Adjusted findings are merged back into the scan results.

Multi-Provider Pipeline

Slim.io uses a multi-provider AI orchestrator with automatic failover. If the primary provider is unavailable or returns an error, the system automatically fails over to the next provider. This ensures LLM Assist remains available even during provider outages.

The multi-provider pipeline is fully managed by Slim.io. You do not need to provide API keys for any AI provider. All processing costs are included in the LLM Assist module pricing.

Deployment Modes

Slim-Hosted (Default)

In slim-hosted mode, data context is sent to Slim.io’s AI pipeline for analysis:

  • Data leaves the customer’s cloud environment temporarily for AI processing
  • Context windows are minimal (typically under 1 KB per finding)
  • No data is stored in any provider’s systems (all providers configured with data processing agreements)
  • Processing occurs in the same region as the Slim.io backend

Client-Hosted (BYOC)

In client-hosted mode, the AI model runs inside the customer’s own infrastructure:

  • A containerized inference service is deployed in the customer’s VPC
  • No data leaves the customer’s cloud boundary
  • The customer provides the compute resources (GPU instances)
  • Slim.io provides the model weights and inference container image
  • Supported on AWS (SageMaker, ECS), GCP (Vertex AI, GKE), and Azure (AML, AKS)

Client-hosted LLM Assist requires GPU-capable instances and is significantly more expensive to operate than the slim-hosted option. It is recommended only for organizations with strict data residency requirements that prohibit any external data transfer.

Configuration

Confidence Thresholds

Configure which findings are sent to LLM Assist by adjusting the configurable ambiguous range. Findings below the floor are discarded, findings above the ceiling are accepted as-is, and findings inside the range are sent for AI review:

llm_assist:
  enabled: true
  min_confidence: <floor>   # Findings below this are discarded without AI review
  max_confidence: <ceiling> # Findings above this are accepted without AI review
  max_findings_per_scan: 1000  # Cap on AI queries per scan job

The default floor and ceiling are tuned by Slim.io and exposed via the dashboard UI under Settings > Detection. You can override them per environment.

Category Overrides

Override the configurable ambiguous range for specific PII categories — for example, more aggressive review for financial data, less aggressive for high-precision regex matches like email:

llm_assist:
  category_overrides:
    - category: Credit Card
      min_confidence: <floor>
      max_confidence: <ceiling>
    - category: Email
      min_confidence: <floor>
      max_confidence: <ceiling>

Accuracy Metrics

LLM Assist reports accuracy metrics per scan:

MetricDescription
Findings ReviewedCount of findings sent to AI
ConfirmedFindings where AI agreed with the classifier
DismissedFindings where AI determined the match was a false positive
UpgradedFindings where AI increased the confidence score
Accuracy RatePercentage of AI decisions validated by human review (when available)

These metrics are available in the Scan Monitor and via the API.

Cost Optimization

LLM Assist costs are driven by the number of findings sent for review. To optimize:

  • Tune classifier confidence scores to reduce ambiguous findings
  • Use proximity classifiers to increase base confidence
  • Set max_findings_per_scan to cap AI usage on large scans
  • Write suppression rules for known false positive patterns (they are filtered out before AI review)
Last updated on
Detection-as-Code (YAML)Event-Driven Scanning