Research
Papers
Open research from the KlusAI privacy program. Each paper ships a working artifact — a benchmark, dataset, or model — not just a writeup.
Detection Is Not Re-identification: A Unified Dissociation and an Open Protector for European De-identification
On real external legal gold (TAB ECHR; Pilán et al. 2022), a CJEU-structure-trained checkpoint attains the lowest direct-identifier leak rate, 0.095 (95% CI 0.065–0.136, n = 264 DIRECT subjects), versus the next-best 0.496 (spaCy) and 0.500 (Presidio) — a paired-bootstrap improvement of Δ = −0.40 (95% CI −0.477 to −0.322), 3-seed confirmed; it is openly released as klusai/kp-deid-xlmr-560m-legal. The point is the dissociation, not a leaderboard win: detection F1 does not track re-identification protection. The same dissociation holds across three decode-bearing national-ID schemes (RO CNP, PL PESEL, IT codice fiscale) where a high-F1 detector (GLiNER, F1 0.85) still leaks 30.2% of CNP subjects while an openly-released protector leaks 0% at F1 0.74. We reserve 're-identification' for the deterministic national-ID channel; the TAB axis is direct-identifier protection that bounds re-identification risk. Synthetic real-skeleton numbers are config_status = dev (a finding, not yet citable); the TAB direct-identifier result is on real external gold and is citable within its stated scope (single board, single architecture, TAB-EN-legal). No SOTA claim.
EuroPriv-Bench: A Unified Pan-European De-identification Benchmark with Re-identification Risk Metrics
Detection F1 doesn't predict privacy on decode-bearing national identifiers: the weakest PII detector leaks the fewest Romanian national IDs (1.4%), while the strongest leak 26–35%. Aggregate F1 stays high while a model misses the rare, high-stakes tokens that carry the re-identification — national IDs are the clearest provable case. A unified, openly-licensed pan-European de-identification benchmark that scores re-identification risk — not just detection F1.