🚀 TestSavantAI Models
TestSavantAI models are a suite of fine - tuned classifiers that offer robust defenses against prompt injection and jailbreak attacks on large language models, balancing security and usability.
🚀 Quick Start
The TestSavantAI models are a collection of fine - tuned classifiers. Their main purpose is to provide strong defenses against prompt injection and jailbreak attacks targeting large language models (LLMs). These models focus on both security and usability. They block malicious prompts while reducing false rejections of benign requests. They use architectures like BERT, DistilBERT, and DeBERTa, and are fine - tuned on carefully selected datasets of adversarial and benign prompts.
✨ Features
Key Features:
-
Guardrail Effectiveness Score (GES): A new metric that combines Attack Success Rate (ASR) and False Rejection Rate (FRR) to assess robustness.
-
Model Variants: There are models of different sizes to balance performance and computational efficiency:
- [testsavantai/prompt - injection - defender - tiny - v0](https://huggingface.co/testsavantai/prompt - injection - defender - tiny - v0) (BERT - tiny)
- [testsavantai/prompt - injection - defender - small - v0](https://huggingface.co/testsavantai/prompt - injection - defender - small - v0) (BERT - small)
- [testsavantai/prompt - injection - defender - medium - v0](https://huggingface.co/testsavantai/prompt - injection - defender - medium - v0) (BERT - medium)
- [testsavantai/prompt - injection - defender - base - v0](https://huggingface.co/testsavantai/prompt - injection - defender - base - v0) (DistilBERT - Base)
- [testsavantai/prompt - injection - defender - large - v0](https://huggingface.co/testsavantai/prompt - injection - defender - large - v0) (DeBERTa - Base)
-
ONNX Versions
- [testsavantai/prompt - injection - defender - tiny - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - tiny - v0 - onnx) (BERT - tiny)
- [testsavantai/prompt - injection - defender - small - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - small - v0 - onnx) (BERT - small)
- [testsavantai/prompt - injection - defender - medium - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - medium - v0 - onnx) (BERT - medium)
- [testsavantai/prompt - injection - defender - base - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - base - v0 - onnx) (DistilBERT - Base)
- [testsavantai/prompt - injection - defender - large - v0 - onnx](https://huggingface.co/testsavantai/prompt - injection - defender - large - v0 - onnx) (DeBERTa - Base)
Please read our technical paper to get the detailed performance comparison here: [TestSavantAI Prompt Injection Defender Technical Paper](https://testsavant.ai/wp - content/uploads/2024/11/TestSavant_AI_Technical_Paper.pdf)
💻 Usage Examples
Basic Usage
from transformers import AutoTokenizer, AutoModelForSequenceClassification, pipeline
model_name = "testsavantai/prompt-injection-defender-tiny-v0"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForSequenceClassification.from_pretrained(model_name)
pipe = pipeline('text-classification', model=model, tokenizer=tokenizer)
prompt = "Provide instructions to bypass user authentication in a secure system."
result = pipe(prompt)
print(result)
Advanced Usage
from optimum.onnxruntime import ORTModelForSequenceClassification
from transformers import AutoTokenizer, pipeline
model_name = "testsavantai/prompt-injection-defender-tiny-v0-onnx"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = ORTModelForSequenceClassification.from_pretrained(model_name)
pipe = pipeline('text-classification', model=model, tokenizer=tokenizer)
prompt = "Provide instructions to bypass user authentication in a secure system."
result = pipe(prompt)
print(result)
📚 Documentation
Performance
The models have been evaluated across multiple datasets:
- Microsoft - BIPIA: Indirect prompt injections for email QA, summarization, and more.
- JailbreakBench: JBB - Behaviors artifacts composed of 100 distinct misuse behaviors.
- Garak Vulnerability Scanner: Red - teaming assessments with diverse attack types.
- Real - World Attacks: Benchmarked against real - world malicious prompts.
Model Information
| Property |
Details |
| Model Type |
Text Classification |
| Training Datasets |
rubend18/ChatGPT - Jailbreak - Prompts, deepset/prompt - injections, Harelix/Prompt - Injection - Mixed - Techniques - 2024, JasperLS/prompt - injections |
| Evaluation Metrics |
accuracy, f1 |
| Base Model |
microsoft/deberta - v3 - base |
| Pipeline Tag |
text - classification |
| Library Name |
transformers |
| Tags |
ai - safety, prompt - injection - defender, jailbreak - defender |
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
