@CloakLLM started as a small personal itch: I wanted to use LLMs without sending people's personal data along with every prompt.
A little middleware that swaps names for tokens before anything leaves your machine. That was the whole idea.
Then I read Article 12 of the EU AI Act - and the project found its real purpose. Log every AI interaction, but retain no personal data. Two mandatory laws pointing in opposite directions - and my little tokenizer was accidentally the resolution.
So I kept building. Tamper-evident audit logs. Signatures. Independent timestamps. A benchmark that once caught my own detector leaking - it's a release gate now. Every version ships with its limitations written down.
This week I released v0.12.0 - the version I'm most proud of. Because of what it removes: me.
There's now a standalone verifier an auditor runs on their own machine to check everything @CloakLLM produces - without my SDK, and without trusting my code.
A solo open-source project. Four packages, ~2,000 tests, ~2,000 downloads a week.
And the feature I'm proudest of is the one that makes trusting me unnecessary.
3 tickets, 3 different answers - they don't know their own rules
I passed their challenge with no problem. But once I got the funded account, my automated trading stopped working, even though the same setup worked fine during the challenge.
I opened 3 tickets and got 3 different answers. One agent had no idea what the previous one said. It turns out funded accounts have different rules than challenge accounts - and those rules are written nowhere. Even their own staff didn't seem to know them.
Every time, a "human agent" offers to help, then disappears with no real answer. You just get looped by their bot.
Honestly, it feels like once you pass and get funded, they just wear you down until you give up. Save yourself the frustration.
Shipped v0.8.0 today - compliance reporting.
Started with v0.6: guarantee no PII ends up in logs. v0.7: bias detection. v0.7.1: align the audit schema with what auditors actually need. v0.8: the report itself — one call, COMPLIANT or NON_COMPLIANT, three output formats, handed directly to the regulator.
Four versions, one coherent stack. MIT, live on PyPI and npm. If you know anyone building in regulated environments who's running LLMs, this is the version that makes the compliance question answerable.
CloakLLM v0.8.0 - generate_compliance_report() ships.
One call. COMPLIANT or NON_COMPLIANT verdict. Per-article evidence rollup. JSON, Markdown, or PDF. The artifact you hand to an EU AI Act auditor.
Four versions to get here. 1,443 tests. MIT.
@vivekonai@CloakLLM Exactly this. Write-time is the only moment that matters; after the log is written, the PII is already there. The hash chain + selective unmasking under subpoena pattern is precisely how you satisfy both Article 12 and data minimization without choosing one over the other.
EU AI Act amendments confirmed. Enforcement delayed.
The deadline has moved. The obligation didn't.
Article 12 logging + GDPR still can't coexist without stripping PII before it hits the log.
#EUAIAct#AIGovernance@CloakLLM
@Dmitriy_Grey_AI@CloakLLM Most are postponing. The infrastructure decision gets deferred to "when enforcement is closer", which means scrambling under pressure rather than building it right.
Shipped CloakLLM v0.6.2, the no-PII-in-logs guarantee is now structural, not convention.
Always-on audit schema validation, cross-SDK canonical JSON, Article 12 MCP default out of the box.
CloakLLM v0.6.2 is live.
The EU AI Act says log everything. GDPR says don't log PII. The only way both are true: PII never reaches the log.
v0.6.2 makes that structural, enforced at the schema level, not convention. Python + JS + MCP. MIT.
https://t.co/9GInw5zild
Same pattern we're seeing at CloakLLM: enterprises aren't waiting for August 2026.
They're building evidence infrastructure now. That's the competitive advantage.
#EUAIAct#LLMs#Compliance
1k downloads/week on CloakLLM. The pattern: regulated enterprises are deploying
PII protection infrastructure now. Not waiting for August. Building the evidence
layer from day one.
#EUAIAct#LLMs
v0.5.2 shipped - CloakLLM's detection pipeline is fully pluggable now. Anyone can write a custom backend and slot it in. Two releases, two open layers. Tool → infrastructure.
CloakLLM v0.5.2: Pluggable Detection Backends.
Write your own PII detection engine, plug it into the pipeline. The detection layer is now yours to extend. Both Python and JS. MIT licensed. https://t.co/9GInw5zild
My Boyfriend asked why I was smiling at 4 AM.
Showed her the terminal.
"What are all those green numbers?"
$1,129. Made while she slept.
"Doing what?"
Nothing. Claude scanned 14,000 wallets, found 47 that never lose, built a bot that copies them.
She watched for 10 seconds:
+$3.87 captured
+$6.42 captured
+$12.71 captured
"It just keeps going?"
Every few seconds. New line. New money.
"How much did you start with?"
$300. Now $1,429. Eleven hours. Asleep.
"What does it do?"
Buys at $0.48. Sells at $0.52. Pockets $0.04. Who wins doesn't matter.
"That's legal?"
Citadel does this on NYSE daily. 400 engineers. I have one screen.
She looked at the P&L curve. Never dips. Just climbs.
"Can you make me one?"
Setting hers up now.
She still doesn't get how it works.
The bot doesn't care.
You only need Claude + laptop + 1 hour/day.
Giving This Free for 24 hours. To get it:
1. Comment the word 'Claude'
2. Like and Retweet this post
3. Follow me @marryevan999 (so i can DM you)
Shipped v0.5.1 - the big addition is a Normalized Token Standard. A formal spec so any tool can tokenize PII the same way. Building open infrastructure, not just features.
CloakLLM v0.5.1 is live. New: Normalized Token Standard - a formal spec for PII tokenization in LLM API calls. Any tool can implement it. Not just us. Open source. MIT licensed. https://t.co/9GInw5zild
CloakLLM v0.5.1 is live. New: Normalized Token Standard - a formal spec for PII tokenization in LLM API calls. Any tool can implement it. Not just us. Open source. MIT licensed. https://t.co/9GInw5zild
Every company using LLMs is sending data somewhere. When AI projects stall over compliance, employees don't stop — they paste customer data into ChatGPT with zero protection. That's why I founded CloakLLM.
https://t.co/l6AxN4s7cN
@CloakLLM
Shipped context risk analysis in CloakLLM. Replacing PII with tokens was step one. Step two: detecting when the surrounding context still makes re-identification possible. Three heuristic signals, zero false sense of security.
CloakLLM v0.5.0: Context Risk Analysis.
"[PERSON_0], CEO of [ORG_0]" — tokenized, but one Google search from identified.
ContextAnalyzer scores re-identification risk: token density, descriptors, relationship edges.
pip install cloakllm==0.5.0
https://t.co/lIoIDLO29M