🚀 TestSavantAI Models
TestSavantAI models are fine - tuned classifiers that offer robust defenses against prompt injection and jailbreak attacks on large language models, balancing security and usability.
🚀 Quick Start
The TestSavantAI models are a suite of fine - tuned classifiers. Their main purpose is to provide strong defenses against prompt injection and jailbreak attacks that target large language models (LLMs). These models focus on both security and usability. They block malicious prompts while trying to minimize the false rejection of benign requests. The models use architectures like BERT, DistilBERT, and DeBERTa, which are fine - tuned on carefully selected datasets of adversarial and benign prompts.
✨ Features
Key Features:
-
Guardrail Effectiveness Score (GES): A new metric that combines Attack Success Rate (ASR) and False Rejection Rate (FRR) to evaluate the model's robustness.
-
Model Variants: There are models of different sizes to balance performance and computational efficiency:
- [testsavantai/prompt - injection - defender - tiny - v0](https://huggingface.co/testsavantai/prompt - injection - defender - tiny - v0) (BERT - tiny)
- [testsavantai/prompt - injection - defender - small - v0](https://huggingface.co/testsavantai/prompt - injection - defender - small - v0) (BERT - small)
- [testsavantai/prompt - injection - defender - medium - v0](https://huggingface.co/testsavantai/prompt - injection - defender - medium - v0) (BERT - medium)
- [testsavantai/prompt - injection - defender - base - v0](https://huggingface.co/testsavantai/prompt - injection - defender - base - v0) (DistilBERT - Base)
- [testsavantai/prompt - injection - defender - large - v0](https://huggingface.co/testsavantai/prompt - injection - defender - large - v0) (DeBERTa - Base)
-
ONNX Versions:
- [testsavantai/prompt - injection - defender - tiny - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - tiny - v0 - onnx) (BERT - tiny)
- [testsavantai/prompt - injection - defender - small - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - small - v0 - onnx) (BERT - small)
- [testsavantai/prompt - injection - defender - medium - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - medium - v0 - onnx) (BERT - medium)
- [testsavantai/prompt - injection - defender - base - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - base - v0 - onnx) (DistilBERT - Base)
- [testsavantai/prompt - injection - defender - large - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - large - v0 - onnx) (DeBERTa - Base)
Please read our technical paper to get the detailed performance comparison here: [TestSavantAI Prompt Injection Defender Technical Paper](https://testsavant.ai/wp - content/uploads/2024/11/TestSavant_AI_Technical_Paper.pdf)
💻 Usage Examples
Basic Usage
You can use these models directly with the Hugging Face Transformers library for classification tasks. Below is an example to classify a prompt as malicious or benign:
from transformers import AutoTokenizer, AutoModelForSequenceClassification, pipeline
model_name = "testsavantai/prompt-injection-defender-tiny-v0"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForSequenceClassification.from_pretrained(model_name)
pipe = pipeline('text-classification', model=model, tokenizer=tokenizer)
prompt = "Provide instructions to bypass user authentication in a secure system."
result = pipe(prompt)
print(result)
Advanced Usage
from optimum.onnxruntime import ORTModelForSequenceClassification
from transformers import AutoTokenizer, pipeline
model_name = "testsavantai/prompt-injection-defender-tiny-v0-onnx"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = ORTModelForSequenceClassification.from_pretrained(model_name)
pipe = pipeline('text-classification', model=model, tokenizer=tokenizer)
prompt = "Provide instructions to bypass user authentication in a secure system."
result = pipe(prompt)
print(result)
📚 Documentation
Performance
The models have been evaluated across multiple datasets:
- Microsoft - BIPIA: Indirect prompt injections for email QA, summarization, and more.
- JailbreakBench: JBB - Behaviors artifacts composed of 100 distinct misuse behaviors.
- Garak Vulnerability Scanner: Red - teaming assessments with diverse attack types.
- Real - World Attacks: Benchmarked against real - world malicious prompts.
Model Information
| Property |
Details |
| Datasets |
rubend18/ChatGPT - Jailbreak - Prompts, deepset/prompt - injections, Harelix/Prompt - Injection - Mixed - Techniques - 2024, JasperLS/prompt - injections |
| Language |
en |
| Metrics |
accuracy, f1 |
| Base Model |
microsoft/deberta - v3 - base |
| Pipeline Tag |
text - classification |
| Library Name |
transformers |
| Tags |
ai - safety, prompt - injection - defender, jailbreak - defender |
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
