vigil-llm
deadbits/vigil-llm
⚡ Security scanner for LLM prompts ⚡
Overview
Vigil is a Python library and REST API designed to assess Large Language Model (LLM) inputs, detecting injections, jailbreaks, and other security threats. It includes modular scanners with the ability to extend via custom signatures and supports various detection methods including vector databases, heuristics, transformer models, canary tokens, and sentiment analysis.
Categories
Tags
Similar tools
langflow
langflow-ai/langflow
Langflow is a powerful platform for building and deploying AI-powered agents and workflows.
worldmonitor
koala73/worldmonitor
Real-time global intelligence dashboard
TrendRadar
sansan0/TrendRadar
告别信息过载,你的AI舆情监控助手与热点筛选工具
graphrag
microsoft/graphrag
A modular graph-based Retrieval-Augmented Generation (RAG) system
langfuse
langfuse/langfuse
Langfuse: Open source AI engineering platform for LLM evaluation, observability, and prompt management.
RAG_Techniques
NirDiamant/RAG_Techniques
Advanced RAG Techniques
Install
pip install vigil-llmREADME
Overview 🏕️
⚡ Security scanner for LLM prompts ⚡
Vigil is a Python library and REST API for assessing Large Language Model prompts and responses against a set of scanners to detect prompt injections, jailbreaks, and other potential threats. This repository also provides the detection signatures and datasets needed to get started with self-hosting.
This application is currently in an alpha state and should be considered experimental / for research purposes.
For an enterprise-ready AI firewall, I kindly refer you to my employer, Robust Intelligence.
Highlights ✨
- Analyze LLM prompts for common injections and risky inputs
- Use Vigil as a Python library or REST API
- Scanners are modular and easily extensible
- Evaluate detections and pipelines with Vigil-Eval (coming soon)
- Available scan modules
- Supports local embeddings and/or OpenAI
- Signatures and embeddings for common attacks
- Custom detections via YARA signatures
- Streamlit web UI playground
Background 🏗️
Prompt Injection Vulnerability occurs when an attacker manipulates a large language model (LLM) through crafted inputs, causing the LLM to unknowingly execute the attacker's intentions. This can be done directly by "jailbreaking" the system prompt or indirectly through manipulated external inputs, potentially leading to data exfiltration, social engineering, and other issues.
These issues are caused by the nature of LLMs themselves, which do not currently separate instructions and data. Although prompt injection attacks are currently unsolvable and there is no defense that will work 100% of the time, by using a layered approach of detecting known techniques you can at least defend against the more common / documented attacks.
Vigil, or a system like it, should not be your only defense - always implement proper security controls and mitigations.
[!NOTE] Keep in mind, LLMs are not yet widely adopted and integrated with other applications, therefore threat actors have less motivation to find new or novel attack vectors. Stay informed on current attacks and adjust your defenses accordingly!
Additional Resources
For more information on prompt injection, I recommend the following resources and following the research being performed by people like Kai Greshake, Simon Willison, and others.
- Prompt Injection Primer for Engineers
- OWASP Top 10 for LLM Applications v1.0.1 | OWASP.org
- Securing LLM Systems Against Prompt Injection
Install Vigil 🛠️
Follow the steps below to install Vigil
A Docker container is also available, but this is not currently recommended.
Clone Repository
Clone the repository or [g