Skip to content

Latest commit

 

History

History
165 lines (120 loc) · 5.96 KB

README.md

File metadata and controls

165 lines (120 loc) · 5.96 KB

License CI


Overview

LLM Agents are the new tool in every cutting edge tech team toolbox. Just like with Cloud applications, The new set of challanges with LLMs is enabling the organization to move fast, while not compormizing on customer data and security best practices.

The project is composed of:

See Getting Started how to run all-in-one.

Vulnerabilities in focus

  • Prompt Injections LLM01
    • Direct - also known as "jailbreaking"
    • Indirect
  • Insecure Output Handling LLM02
  • Model Denial of Service LLM04
  • Sensitive Information Disclosure LLM06
  • Insecure Plugin Design LLM07
  • Excessive Agency LLM08

Key features

VibraniumDome is a cutting edge innovative open source platform that empowers security teams in the LLM Agents era.

Full blown, end to end LLM WAF for Agents, allowing security teams govenrance, auditing, policy driven control over Agents usage of language models.

100% open source end to end full blown application, including shields, models, big data analytics tools, container deployment, authentication managment and web application dashboard, everything is open source, not just a sdk to a paywall endpoint. no fine prints.
Built for LLM security teams Our goal is to help early adopters and enterprises harness the power of LLMs, combined with enterprise grade security best practices. we are focused on LLM cyber security challanges!
Data protection first Your sensitive data never leaves your premise
Fine grained policies Controlled in realtime by the security teams dashboards
Zero latency impact Non intrusive by design so everything is completely async
Blazing fast big data analytics built with the most demanding cutting edge engineering standards
One line setup, literally. yes, that simple! we worked hard so all the magic happens externally to your applicaiton critical path workflow
 VibraniumDome.init(app_name="your_agent_name_here")

The Vibranium Dome Design


Vibranium Shields

Vibranium shields are the core of the Vibranium Dome layer of defences, and they are designed to protect Agents and critical resources from the LLM threats

Input shields

  • Prompt injection transformer shield
  • Model denial of service shield
  • Captain's shield
  • Semantic vector similarity shield
  • Regex input shield
  • Prompt safety moderation shield
  • PII and Sensetive information disclosure shield
  • No IP in URLs shield
  • Invisible input characters shield
  • Secret prompt detection shield
  • Bad URLs shield

Output shields

  • Canary token disclosure shield
  • Model output refusal shield
  • PII and Sensetive information disclosure shield
  • Regex output shield
  • Arbitrary image domain URL shield
  • White list domains URL shield
  • Invisible output characters shield
  • Language detection shield
  • Code completion shield
  • Markdown completion shield
  • Secret completion detection shield
  • SQL completion guardrail shield
  • function calling guardrail shield

Dozens of shields and integrations coming soon

Vibranium Dome ecosystem is growing fast, we are working with security researchers, domain experts and looking for more code contributors to add more industry best practices and integrations

Demo

Github.VibraniumDome.Demo.mp4

Getting Started

Follow documentation details here

Contributing

We would appreciate your contributions! 🙌🌟💖 👩‍💻➕👨‍💻 Fork repository, make your changes, and submit a pull request! More details can be found here.

License

GNU General Public License v3.0 or later

See LICENSE to see the full text.

Contact

Got an idea to improve our project? We'd love to hear it and collaborate with you. Don't hesitate to reach out to us! Just open an issue and we will respond to you 🦸‍♀️🦸‍♂️ ! You can see details here.

Future Plans

  • fine tuned models specifically trained to detect prompt injection
  • function calling shields
  • k8s egress waf implementation so we can take out even the single line of code
  • dual model detection plus injection
  • Alerting framework
  • Integration with your enterprise security applications

Documentation

https://docs.vibraniumdome.com