Love this video from Don, he articulates the options so clearly 
Yes VAST has the capability (and is building futher capabilities!) to run trigger-based functions like anonymization or removal of PII/PHI before sending data to 3rd party models. These triggered functions are essential in a lot of use cases, but particularly in risk mitigation and handling governance.