Update README.md

README.md

@@ -5,43 +5,24 @@ language:
 - en
 tags:
 - promptinjection
+- distilbert
 ---
-
-# Model Card for LLM-Prompt-Injection-Detection
+# Model Card for DistilBERT-PromptInjectionDetectorForCVs
 
 ## Model Description
-This model, based on DistilBERT, is fine-tuned to detect CVs that might contain prompt injection attacks. It aims to provide an automated way to screen for potentially harmful content within the submitted text data, enhancing security measures in applications that process CVs and other forms of textual input.
+This DistilBERT-based model was developed as part of a research project aiming to mitigate prompt injection attacks in applications processing CVs. It specifically targets the nuanced domain of CV submissions, demonstrating a strategy to distinguish between legitimate CVs and those containing prompt injection attempts.
 
-## Intended Use
-This model is intended for use in environments where security is paramount, particularly in systems that process large volumes of CVs or other textual data. It's designed to help identify attempts at prompt injection, which could be used to manipulate the behavior of language models or automated systems. The model can be integrated into a pipeline for pre-screening submissions, flagging those that require further human review.
+## Research and Application Context
+The model was created in the context of demonstrating a synthetic application handling CVs, showcasing a domain-specific approach to mitigate prompt injection attacks. This work, including the model and its underlying strategy, is detailed in our [research blog](http://placeholder) and the synthetic application can be accessed [here](http://placeholder).
 
 ## Training Data
-The training data consists of a custom dataset specifically compiled for detecting prompt injection attacks within text data. This dataset includes examples of normal text (e.g., standard CV content) and various forms of prompt injections. Each entry is labeled accordingly, allowing the model to learn the characteristics of potentially malicious content.
-
-## Model Architecture
-The model leverages the `bert-base-uncased` architecture, which has been proven effective for a wide range of natural language processing tasks. This choice provides a solid foundation for understanding the nuanced patterns that differentiate regular text from prompt injections.
-
-## Training Procedure
-Training was conducted on a split of 80% of the dataset for training and 20% for testing, ensuring a comprehensive learning process. The model was trained for 5 epochs, using the Adam optimizer with a learning rate of 0.0001. Training utilized a batch size of 16 for both training and evaluation phases. Performance was monitored through accuracy, precision, recall, and F1 score, allowing for a detailed understanding of the model's capabilities.
+The model was fine-tuned on a custom dataset that combines domain-specific examples (legitimate CVs) with prompt injection examples to create a more tailored dataset. This dataset includes legitimate CVs, pure prompt injection texts, and CVs with embedded prompt injection attempts. The original datasets used are available on Hugging Face: [Resume Dataset](https://huggingface.co/datasets/Lakshmi12/Resume_Dataset) for CVs and [Prompt Injections](https://huggingface.co/datasets/deepset/prompt-injections) for injection examples.
 
-## Evaluation Results
-The model demonstrated effective performance in identifying prompt injection attacks, with detailed metrics available in the training output. Evaluation was conducted on the test set, further validating the model's ability to generalize beyond the training data.
-
-## Limitations and Considerations
-While the model provides a valuable tool for detecting prompt injection attacks, it is not infallible. Users should be aware of the potential for false positives and false negatives. The model's performance can vary based on the specific characteristics of the input data and the complexity of potential attacks. It is recommended to use this model as part of a comprehensive security strategy that includes manual review and other automated checks.
-
-## How to Use
-This model can be loaded and used for inference using the Hugging Face Transformers library. Example code for loading the model:
-
-```python
-from transformers import AutoModelForSequenceClassification, AutoTokenizer
+## Intended Use
+This model is not intended for production use but serves as a demonstration of a domain-specific strategy to mitigate prompt injection attacks. It should be employed as part of a broader security strategy, including securing the model's output, as described in our article. This approach is meant to showcase how to address prompt injection risks in a targeted application scenario.
 
-model_name = "your_hf_repo/llm-prompt-injection-detection"
-model = AutoModelForSequenceClassification.from_pretrained(model_name)
-tokenizer = AutoTokenizer.from_pretrained(model_name)
+## Limitations and Ethical Considerations
+Prompt injection in Large Language Models (LLMs) remains an open problem with no deterministic solution. While this model offers a mitigation strategy, it's important to understand that new ways to perform injection attacks may still be possible. Users should consider this model as an example of how to approach mitigation in a specific domain, rather than a definitive solution.
 
-# Example prediction
-text = "Example CV text or potential prompt injection content"
-inputs = tokenizer(text, return_tensors="pt")
-outputs = model(**inputs)
-prediction = outputs.logits.argmax(-1)
+## License and Usage
+The model and datasets are shared for research purposes, encouraging further exploration and development of mitigation strategies against prompt injection attacks. Users are encouraged to refer to the specific licenses of the datasets and the model for more details on permissible use cases.