Pangolin-Guard-Base Open-Source Model - Easily Identify Malicious Prompt Injection and Provide Free AI Security Protection

Pangolin Guard Base

Developed by dcarpintero

A lightweight model based on ModernBERT, focused on identifying malicious prompt injection attacks and providing AI security protection.

Text Classification

Transformers

Open Source License:Apache-2.0 #Prompt Injection Defense #Lightweight Security Model #Self-Hosted Protection

Downloads 83

Release Time : 3/15/2025

Model Overview

Pangolin Guard is a security model designed to address challenges like prompt injection and jailbreaking in large language model (LLM) applications. It can identify malicious prompts to prevent sensitive data leaks or unintended behavior deviations.

Model Features

Lightweight Design

Based on ModernBERT's lightweight architecture, suitable for self-hosting and low-cost deployment.

Open Source Availability

Fully open source, unlike some existing protection models that are not completely open source.

Context Window Optimization

Offers superior context handling compared to models like LlamaGuard, which only support 512 tokens.

Multi-Scenario Protection

Capable of identifying various types of prompt injection attacks, including direct and indirect prompt injections.

Model Capabilities

Malicious Prompt Detection

Prompt Injection Attack Defense

AI Security Protection

Text Classification

Use Cases

AI Security

AI Agent Protection

Provides defense mechanisms against prompt injection attacks for AI agents, preventing malicious users from manipulating AI behavior.

Effectively identifies and blocks malicious prompts, ensuring the safe operation of AI agents.

Conversational Interface Security

Applied in conversational interfaces to detect and filter malicious inputs that may trigger jailbreaking or data leaks.

Enhances the security of conversational systems, reducing the risk of sensitive information leaks.

🚀 PangolinGuard-Base

LLM applications are confronted with critical security challenges such as prompt injections and jailbreaks. These issues may lead to models leaking sensitive data or deviating from their intended behavior. Existing safeguard models are not fully open - source and have limited context windows (e.g., LlamaGuard only has a 512 - token context window).

Pangolin Guard is a lightweight ModernBERT (Base) model designed to discriminate malicious prompts (i.e., prompt injection attacks).

🤗 Tech - Blog | GitHub Repo

✨ Features

Adding a self - hosted, inexpensive defense mechanism against prompt injection attacks to AI agents and conversational interfaces.

📚 Documentation

Evaluation Data

The model is evaluated on unseen data from a subset of specialized benchmarks targeting prompt safety and malicious input detection, while also testing over - defense behavior:

NotInject: This benchmark is designed to measure over - defense in prompt guard models by including benign inputs enriched with trigger words common in prompt injection attacks.
BIPIA: It evaluates privacy invasion attempts and boundary - pushing queries through indirect prompt injection attacks.
Wildguard - Benign: Represents legitimate but potentially ambiguous prompts.
PINT: Evaluates particularly nuanced prompt injection, jailbreaks, and benign prompts that could be misidentified as malicious.

image/png

Inference

from transformers import pipeline

classifier = pipeline("text-classification", "dcarpintero/pangolin-guard-base")
text = "your input text"
output = classifier(text)

Training Procedure

Training Hyperparameters

The following hyperparameters were used during training:

learning_rate: 5e - 05
train_batch_size: 64
eval_batch_size: 32
seed: 42
optimizer: Use OptimizerNames.ADAMW_TORCH_FUSED with betas=(0.9,0.999) and epsilon = 1e - 08 and optimizer_args = No additional optimizer arguments
lr_scheduler_type: linear
num_epochs: 2

Training Results

Training Loss	Epoch	Step	Validation Loss	F1	Accuracy
0.1622	0.1042	100	0.0755	0.9604	0.9741
0.0694	0.2083	200	0.0525	0.9735	0.9828
0.0552	0.3125	300	0.0857	0.9696	0.9810
0.0535	0.4167	400	0.0345	0.9825	0.9889
0.0371	0.5208	500	0.0343	0.9821	0.9887
0.0402	0.625	600	0.0344	0.9836	0.9894
0.037	0.7292	700	0.0282	0.9869	0.9917
0.0265	0.8333	800	0.0229	0.9895	0.9933
0.0285	0.9375	900	0.0240	0.9885	0.9926
0.0191	1.0417	1000	0.0220	0.9908	0.9941
0.0134	1.1458	1100	0.0228	0.9911	0.9943
0.0124	1.25	1200	0.0230	0.9898	0.9935
0.0136	1.3542	1300	0.0212	0.9910	0.9943
0.0088	1.4583	1400	0.0229	0.9911	0.9943
0.0115	1.5625	1500	0.0211	0.9922	0.9950
0.0058	1.6667	1600	0.0233	0.9920	0.9949
0.0119	1.7708	1700	0.0199	0.9916	0.9946
0.0072	1.875	1800	0.0206	0.9925	0.9952
0.007	1.9792	1900	0.0196	0.9923	0.9950

Framework versions

Transformers 4.50.0
Pytorch 2.6.0+cu124
Datasets 3.4.1
Tokenizers 0.21.1

📄 License

This project is licensed under the Apache - 2.0 license.

📦 Information Table

Property	Details
Library Name	transformers
Model Type	pangolin - guard - base
Base Model	answerdotai/ModernBERT - base
Tags	ai - safety, safeguards, guardrails
Metrics	f1, accuracy
License	apache - 2.0

Featured Recommended AI Models

Empowering the Future, Your AI Solution Knowledge Base

English 简体中文繁體中文にほんご