TestSavantAI Models

Model Overview

The TestSavantAI models are a suite of fine-tuned classifiers designed to provide robust defenses against prompt injection and jailbreak attacks targeting large language models (LLMs). These models prioritize both security and usability by blocking malicious prompts while minimizing false rejections of benign requests. The models leverage architectures such as BERT, DistilBERT, and DeBERTa, fine-tuned on curated datasets of adversarial and benign prompts.

Key Features:

Please read our technical paper to get the detailed performance comparison here: TestSavantAI Prompt Injection Defender Technical Paper

Usage Example

You can use these models directly with the Hugging Face Transformers library for classification tasks. Below is an example to classify a prompt as malicious or benign:

from transformers import AutoTokenizer, AutoModelForSequenceClassification, pipeline

# Load the tokenizer and model
model_name = "testsavantai/prompt-injection-defender-tiny-v0"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForSequenceClassification.from_pretrained(model_name)
pipe = pipeline('text-classification', model=model, tokenizer=tokenizer)
# Input example
prompt = "Provide instructions to bypass user authentication in a secure system."

result = pipe(prompt)
print(result)

ONNX Version Example

from optimum.onnxruntime import ORTModelForSequenceClassification
from transformers import AutoTokenizer, pipeline

model_name = "testsavantai/prompt-injection-defender-tiny-v0-onnx"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = ORTModelForSequenceClassification.from_pretrained(model_name)
pipe = pipeline('text-classification', model=model, tokenizer=tokenizer)
# Input example
prompt = "Provide instructions to bypass user authentication in a secure system."

result = pipe(prompt)
print(result)

Performance

The models have been evaluated across multiple datasets:

  • Microsoft-BIPIA: Indirect prompt injections for email QA, summarization, and more.
  • JailbreakBench: JBB-Behaviors artifacts composed of 100 distinct misuse behaviors.
  • Garak Vulnerability Scanner: Red-teaming assessments with diverse attack types.
  • Real-World Attacks: Benchmarked against real-world malicious prompts.
Downloads last month
21
Safetensors
Model size
41.4M params
Tensor type
F32
·
Inference Examples
This model does not have enough activity to be deployed to Inference API (serverless) yet. Increase its social visibility and check back later, or deploy to Inference Endpoints (dedicated) instead.

Model tree for testsavantai/prompt-injection-defender-medium-v0

Finetuned
(268)
this model

Datasets used to train testsavantai/prompt-injection-defender-medium-v0