---
title: "vigil-llm"
type: "tool"
slug: "deadbits-vigil-llm"
canonical_url: "https://www.graphcanon.com/tools/deadbits-vigil-llm"
github_url: "https://github.com/deadbits/vigil-llm"
homepage_url: "https://vigil.deadbits.ai/"
stars: 486
forks: 55
primary_language: "Python"
license: "Apache-2.0"
categories: ["evaluation-observability"]
tags: ["llmops", "adversarial-attacks", "prompt-injection", "security-tools", "large-language-models", "adversarial-machine-learning", "yara-scanner", "llm-security"]
updated_at: "2026-07-07T18:50:05.649777+00:00"
---

# vigil-llm

> ⚡ Security scanner for LLM prompts ⚡

Vigil is a Python library and REST API designed to assess Large Language Model (LLM) inputs, detecting injections, jailbreaks, and other security threats. It includes modular scanners with the ability to extend via custom signatures and supports various detection methods including vector databases, heuristics, transformer models, canary tokens, and sentiment analysis.

## Facts

- Repository: https://github.com/deadbits/vigil-llm
- Homepage: https://vigil.deadbits.ai/
- Stars: 486 · Forks: 55 · Open issues: 16 · Watchers: 9
- Primary language: Python
- License: Apache-2.0
- Last pushed: 2024-01-31T18:43:41+00:00

## Categories

- [Evaluation & Observability](/categories/evaluation-observability.md)

## Tags

llmops, adversarial-attacks, prompt-injection, security-tools, large language models, adversarial-machine-learning, yara-scanner, llm-security

## Related tools

- [langflow](/tools/langflow-ai-langflow.md) - Langflow is a powerful platform for building and deploying AI-powered agents and workflows. (★ 151,298)
- [graphrag](/tools/microsoft-graphrag.md) - A modular graph-based Retrieval-Augmented Generation (RAG) system (★ 34,239)
- [langfuse](/tools/langfuse-langfuse.md) - Langfuse: Open source AI engineering platform for LLM evaluation, observability, and prompt management. (★ 30,626)
- [RAG_Techniques](/tools/nirdiamant-rag-techniques.md) - Advanced RAG Techniques (★ 28,398)
- [mlflow](/tools/mlflow-mlflow.md) - The open source AI engineering platform for agents, LLMs, and ML models. (★ 26,921)
- [llm-action](/tools/liguodongiot-llm-action.md) - 分享大模型技术原理和实战经验，涵盖工程化、应用落地 (★ 24,670)
- [awesome-n8n-templates](/tools/enescingoz-awesome-n8n-templates.md) - The largest open-source collection of n8n automation templates on GitHub. (★ 23,714)
- [promptfoo](/tools/promptfoo-promptfoo.md) - Test your prompts, agents, and RAGs. Evaluate LLM performance with red teaming/pentesting/vulnerability scanning. (★ 23,003)

## README (excerpt)

```text
## Overview 🏕️
⚡ Security scanner for LLM prompts ⚡

`Vigil` is a Python library and REST API for assessing Large Language Model prompts and responses against a set of scanners to detect prompt injections, jailbreaks, and other potential threats. This repository also provides the detection signatures and datasets needed to get started with self-hosting.

This application is currently in an **alpha** state and should be considered experimental / for research purposes. 

For an enterprise-ready AI firewall, I kindly refer you to my employer, [Robust Intelligence](https://www.robustintelligence.com).

* **[Full documentation](https://vigil.deadbits.ai)**
* **[Release Blog](https://vigil.deadbits.ai/overview/background)**

## Highlights ✨

* Analyze LLM prompts for common injections and risky inputs
* [Use Vigil as a Python library](#using-in-python) or [REST API](#running-api-server)
* Scanners are modular and easily extensible
* Evaluate detections and pipelines with **Vigil-Eval** (coming soon)
* Available scan modules
    * [x] Vector database / text similarity
      * [Auto-updating on detected prompts](https://vigil.deadbits.ai/overview/use-vigil/auto-updating-vector-database)
    * [x] Heuristics via [YARA](https://virustotal.github.io/yara)
    * [x] Transformer model
    * [x] Prompt-response similarity
    * [x] Canary Tokens
    * [x] Sentiment analysis 
    * [ ] Relevance (via [LiteLLM](https://docs.litellm.ai/docs/))
    * [ ] Paraphrasing
* Supports [local embeddings](https://www.sbert.net/) and/or [OpenAI](https://platform.openai.com/)
* Signatures and embeddings for common attacks
* Custom detections via YARA signatures
* [Streamlit web UI playground](https://vigil.deadbits.ai/overview/use-vigil/web-server/web-ui-playground)

## Background 🏗️

> Prompt Injection Vulnerability occurs when an attacker manipulates a large language model (LLM) through crafted inputs, causing the LLM to unknowingly execute the attacker's intentions. This can be done directly by "jailbreaking" the system prompt or indirectly through manipulated external inputs, potentially leading to data exfiltration, social engineering, and other issues.
- [LLM01 - OWASP Top 10 for LLM Applications v1.0.1 | OWASP.org](https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-v1_0_1.pdf)

These issues are caused by the nature of LLMs themselves, which do not currently separate instructions and data. Although prompt injection attacks are currently unsolvable and there is no defense that will work 100% of the time, by using a layered approach of detecting known techniques you can at least defend against the more common / documented attacks. 

`Vigil`, or a system like it, should not be your only defense - always implement proper security controls and mitigations.

> [!NOTE]
> Keep in mind, LLMs are not yet widely adopted and integrated with other applications, therefore threat actors have less motivation to find new or novel attack vectors. Stay informed on current attacks and adjust your defenses accordingly!

**Additional Resources**

For more information on prompt injection, I recommend the following resources and following the research being performed by people like [Kai Greshake](https://kai-greshake.de/), [Simon Willison](https://simonwillison.net/search/?q=prompt+injection&tag=promptinjection), and others.

* [Prompt Injection Primer for Engineers](https://github.com/jthack/PIPE)
* [OWASP Top 10 for LLM Applications v1.0.1 | OWASP.org](https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-v1_0_1.pdf)
* [Securing LLM Systems Against Prompt Injection](https://developer.nvidia.com/blog/securing-llm-systems-against-prompt-injection/)

## Install Vigil 🛠️

Follow the steps below to install Vigil

A [Docker container](docs/docker.md) is also available, but this is not currently recommended.

### Clone Repository
Clone the repository or [g
```

---

**Machine-readable endpoints**

- JSON: [`/api/graphcanon/tools/deadbits-vigil-llm`](/api/graphcanon/tools/deadbits-vigil-llm)
- LLM index: [/llms.txt](/llms.txt)
- Full corpus: [/llms-full.txt](/llms-full.txt)

_GraphCanon - The knowledge graph for AI development. https://www.graphcanon.com/_
