vigil-llm

deadbits/vigil-llm

⚡ Security scanner for LLM prompts ⚡

486
Stars
55
Forks
16
Open issues
9
Watchers
Python Apache-2.0Last pushed Jan 31, 2024

Overview

Vigil is a Python library and REST API designed to assess Large Language Model (LLM) inputs, detecting injections, jailbreaks, and other security threats. It includes modular scanners with the ability to extend via custom signatures and supports various detection methods including vector databases, heuristics, transformer models, canary tokens, and sentiment analysis.

Categories

Tags

Similar tools

Install

pip install vigil-llm

README

Overview 🏕️

⚡ Security scanner for LLM prompts ⚡

Vigil is a Python library and REST API for assessing Large Language Model prompts and responses against a set of scanners to detect prompt injections, jailbreaks, and other potential threats. This repository also provides the detection signatures and datasets needed to get started with self-hosting.

This application is currently in an alpha state and should be considered experimental / for research purposes.

For an enterprise-ready AI firewall, I kindly refer you to my employer, Robust Intelligence.

Highlights ✨

  • Analyze LLM prompts for common injections and risky inputs
  • Use Vigil as a Python library or REST API
  • Scanners are modular and easily extensible
  • Evaluate detections and pipelines with Vigil-Eval (coming soon)
  • Available scan modules
  • Supports local embeddings and/or OpenAI
  • Signatures and embeddings for common attacks
  • Custom detections via YARA signatures
  • Streamlit web UI playground

Background 🏗️

Prompt Injection Vulnerability occurs when an attacker manipulates a large language model (LLM) through crafted inputs, causing the LLM to unknowingly execute the attacker's intentions. This can be done directly by "jailbreaking" the system prompt or indirectly through manipulated external inputs, potentially leading to data exfiltration, social engineering, and other issues.

These issues are caused by the nature of LLMs themselves, which do not currently separate instructions and data. Although prompt injection attacks are currently unsolvable and there is no defense that will work 100% of the time, by using a layered approach of detecting known techniques you can at least defend against the more common / documented attacks.

Vigil, or a system like it, should not be your only defense - always implement proper security controls and mitigations.

[!NOTE] Keep in mind, LLMs are not yet widely adopted and integrated with other applications, therefore threat actors have less motivation to find new or novel attack vectors. Stay informed on current attacks and adjust your defenses accordingly!

Additional Resources

For more information on prompt injection, I recommend the following resources and following the research being performed by people like Kai Greshake, Simon Willison, and others.

Install Vigil 🛠️

Follow the steps below to install Vigil

A Docker container is also available, but this is not currently recommended.

Clone Repository

Clone the repository or [g