Back to Insights

Sanitisation & Redaction

Why Generic Tools Can’t Sanitise Consulting Decks

Wesley Blackhurst 8 min read
Why Generic Tools Can’t Sanitise Consulting Decks
Key takeaway: Stripping a client's name and logo from a deck is now table stakes — ChatGPT, keyword redaction tools and manual review all manage it. The hard part is judgment: generic tools act on patterns rather than meaning, so they catch confidential non-public information only inconsistently and can't reliably keep the reusable analysis while removing only what's tied to the client. And none of them reach what sits below the surface — hidden code-level traces and the data behind charts. Sanitising a consulting deck properly takes a purpose-built tool that does all of this at once.

Last updated: July 2026

Every consulting firm that wants to reuse its own work, or feed it to AI, hits the same wall: the decks are full of confidential client material. There are four common ways firms try to get past it — hand the deck to a general AI tool like ChatGPT or Claude, run a keyword or pattern-based redaction tool, sanitise it by hand, or use something purpose-built for consulting. Three of the four fall short, and they fall short on the same things.

First, the part that has genuinely changed. Removing client identifiers — names, logos, brand colours — is now close to a solved problem. A modern AI tool will do it. Even keyword tools handle the exact strings you give them. So "does it catch the client's name" is no longer a useful question. It is table stakes. The risk moved on; the tools people reach for did not.

Here is how the four approaches compare on the criteria that decide whether a sanitised deck is genuinely safe to reuse.

Criterion Generic AI (ChatGPT / Claude) Keyword redaction tools Manual review Purpose-built for consulting
Removes client identifiers — names, logos (table stakes) Yes Yes (exact matches) Yes (but slow) Yes
Detects non-public information — benchmarks, confidential views, strategy with no name attached Inconsistent No Partial (misses across long decks) Yes
Removes hidden, code-level traces — embedded chart data, logo URLs, file metadata No No No Yes
Sanitises charts — obfuscates values, not just the picture No No Partial (misses embedded data) Yes

The pattern is the same across the three generic approaches: they clear the row everyone already passes, and fall short on the rows that matter. Here is why.

1. It acts on patterns, not meaning

Sanitising a consulting deck is a judgment call: which parts are tied to the client and have to go, and which are reusable analysis that has to stay. Both sides of that call are hard. The information that causes breaches usually carries no identifier at all — a client's confidential margin reused as an "industry benchmark," a view shared in confidence, an unpublished figure. And on a single market-sizing slide, a public method, a generic framework and one confidential client number can sit woven together, where the value is in keeping the first two and removing only the third.

Generic tools can't reliably make that call, because they act on patterns rather than meaning. A keyword tool only removes the exact strings you type in, and nobody types in a number they don't know is sensitive. A general AI does better — it can sometimes flag a confidential-looking figure — but only inconsistently: it has no reliable way to know the number on slide 14 is a client's private data rather than a public statistic. A human reviewer catches some and misses more the longer the deck runs.

So it fails in both directions. Take too little and confidential detail stays in — and "usually catches it" is a liability, not a safeguard, when one missed figure is a breach. Take too much and the deck is hollowed out, the reusable thinking stripped along with the client data. Getting it right means recognising what each element on a slide actually is, in context — the one thing pattern-matching can't do.

How this becomes a client breach: A firm runs Client A's pricing deck through a general AI cleaner. The name and logo go — table stakes. But one line stays: the incumbent holds a 34% gross margin and plans to hold list prices through 2027. No name is attached, so the tool never flags it. The clean-looking deck lands in the firm's AI knowledge base. Months later a consultant serving Client B — A's direct competitor — asks the firm's AI assistant for margin benchmarks in the sector. It retrieves the slide and answers: one operator runs a 34% gross margin and intends to hold prices through 2027. Client B now has Client A's confidential position, handed over by the firm's own AI, with no client name ever appearing.

2. What sits below the surface: hidden traces and charts

A slide is not only what you see. Embedded charts carry the original spreadsheet inside the file. A pasted logo often carries a URL pointing back to the client's own site. File metadata and workbook names carry the client's name in plain text. You can delete every visible logo and the deck can still identify the client through the code underneath it.

Charts are the sharpest example. A chart is backed by its data, so changing the picture doesn't change the numbers travelling inside the file — and truly sanitising a chart means obfuscating the underlying values while preserving the shape and the point it makes. Generic AI tools and keyword tools work on the visible text; they never reach these code-level traces or the data behind a chart. Manual reviewers can't see them at all — they are invisible in the slide view. This is why a deck that passed a human review can still fail the moment someone opens the underlying file, and why tools built for PDFs miss it entirely: the sensitivity is in the PowerPoint structure, not the rendered page.

How this becomes a client breach: The same firm sanitises a market-share deck: every visible logo removed, the client's name gone from every slide. But one chart was pasted straight from Excel, and its embedded workbook still holds the client's name and the underlying regional revenue figures — the slide itself shows only percentages. Into the knowledge base it goes. When the AI platform indexes the file it reads the embedded data, not just the picture, so a later query returns the client's real revenue split — or cites a source document named Project-Falcon-[Client]-pricing-final.pptx. The slide looked clean. The file wasn't. The breach comes from the layer no one was looking at.

What purpose-built actually means

Sanitising a consulting deck properly means doing all of this at once: recognising consulting confidentiality in context — not just personal data, but client identities, benchmarks, strategy, deal terms and cross-client contamination — reaching the code level so hidden traces and chart data go too, and drawing the client / non-client line precisely enough that the output is a clean, editable PowerPoint that keeps its analytical value.

That is a different category of tool from a general chatbot, a PDF redactor or a knowledge manager with a long afternoon. It is the difference between a deck that looks sanitised and one that is. If you are working out how to make your firm's knowledge safely reusable — for teams, for business development, or for the AI you are building on top of it — that is the bar to measure any approach against.

More on the alternatives and where each breaks down: three approaches to reusing confidential decks, manual versus automated redaction, and the complete guide to consulting redaction. For the full category overview, see AI sanitisation software for consulting firms.

FAQ

Frequently Asked Questions

Can I use ChatGPT or Claude to redact a consulting deck?

They remove obvious identifiers such as client names and logos well, but that is the easy part. They detect confidential non-public information only inconsistently — a general model has no reliable way to tell a client’s private figure from a public statistic, so it catches some and misses others. They work on visible text, so they miss hidden code-level traces and the data behind charts. And they are not precise enough to separate client-specific detail from the reusable analysis around it, so they tend to remove too much or too little. Fine for identifiers; not sufficient for a consulting deck on their own.

Why don’t keyword or PDF redaction tools work for consulting decks?

Keyword and pattern-based tools were built to catch personal data (names, card numbers) in PDFs. They only remove the exact strings you specify, so they miss confidential information nobody knew to flag — a client’s margin, a strategic intention, an unpublished figure. They also work on the rendered page rather than the PowerPoint structure, so they leave hidden code-level traces such as embedded chart data and logo URLs. And they act on matches rather than meaning, so they cannot separate client-specific detail from the reusable analysis around it.

What are "code-level" traces in a PowerPoint deck?

A PowerPoint file contains more than the visible slides. Charts store the original underlying spreadsheet, pasted images can carry URLs back to the source, and file metadata and embedded workbook names often contain the client’s name in plain text. Removing the visible logo or text does not remove these — they sit in the file’s XML structure. Sanitising at the code level means cleaning the file itself, including the data behind charts, not just what appears on screen, which manual review and surface-level tools cannot do.

Isn’t manual sanitisation the safest option?

Manual review can, in principle, catch non-public information and it preserves the deck — but in practice it is slow (4–8 hours for a strategy deck), inconsistent, and degrades across long decks. It also cannot see code-level traces embedded in the file or the data behind charts. Because it does not scale, most decks never get sanitised at all, which is how firms end up reusing under 5% of their knowledge. It is a real option, but not sufficient on its own.

Want to see how Knovari handles consulting deliverables?

Book a demo