LLM Agents are the new tool in every cutting-edge tech team's toolbox. Just as with cloud applications, the new set of challenges with LLMs is enabling the organization to move fast without compromising on customer data and security best practices.
The project is composed of:
- Full-Stack Web-Application - For management & dashboard.
- Shields Server - Receives LLM interactions via OpenTelemetry from the vibraniumdome-sdk.
- OpenSearch - Provides storage & query analytics for LLM interactions received by the Shields Server.
See Getting Started for how to run everything all-in-one.
- Prompt Injections LLM01
- Direct - also known as "jailbreaking"
- Indirect
- Insecure Output Handling LLM02
- Model Denial of Service LLM04
- Sensitive Information Disclosure LLM06
- Insecure Plugin Design LLM07
- Excessive Agency LLM08
VibraniumDome is a cutting edge innovative open source platform that empowers security teams in the LLM Agents era.
A full-blown, end-to-end LLM WAF for Agents, giving security teams governance, auditing, and policy-driven control over Agents' usage of language models.
- 100% open source: an end-to-end, full-blown application, including shields, models, big data analytics tools, container deployment, authentication management and a web application dashboard. Everything is open source, not just an SDK to a paywalled endpoint. No fine print.
- Built for LLM security teams: Our goal is to help early adopters and enterprises harness the power of LLMs, combined with enterprise-grade security best practices. We are focused on LLM cyber security challenges!
- Data protection first: Your sensitive data never leaves your premises.
- Fine-grained policies: Controlled in real time from the security team's dashboards.
- Zero latency impact: Non-intrusive by design, so everything is completely async.
- Blazing fast big data analytics: Built with the most demanding, cutting-edge engineering standards.
- One line setup, literally. Yes, that simple! We worked hard so all the magic happens outside your application's critical-path workflow: `VibraniumDome.init(app_name="your_agent_name_here")`
Vibranium shields are the core of the Vibranium Dome layer of defences, and they are designed to protect Agents and critical resources from LLM threats.
- Prompt injection transformer shield
- Model denial of service shield
- Captain's shield
- Semantic vector similarity shield
- Regex input shield
- Prompt safety moderation shield
- PII and Sensitive information disclosure shield
- No IP in URLs shield
- Invisible input characters shield
- Secret prompt detection shield
- Bad URLs shield
- Canary token disclosure shield
- Model output refusal shield
- PII and Sensitive information disclosure shield
- Regex output shield
- Arbitrary image domain URL shield
- White list domains URL shield
- Invisible output characters shield
- Language detection shield
- Code completion shield
- Markdown completion shield
- Secret completion detection shield
- SQL completion guardrail shield
- Function calling guardrail shield
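As an added illustration of how a few of the deterministic shields above work, here is a small defender-side check set run over a captured interaction (example code written for this page, not the VibraniumDome project's own implementation; the Interaction fields and the `canary:<token>` convention are assumptions).

```python
import re
import unicodedata
from dataclasses import dataclass

# Constructed interaction record; field names are an assumption,
# not the vibraniumdome-sdk / OpenTelemetry schema.
@dataclass
class Interaction:
    system_prompt: str
    user_input: str
    model_output: str

URL_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def invisible_characters_shield(text: str) -> bool:
    """Flag zero-width and other format characters (Unicode category Cf)
    that render invisibly in a UI but still reach the model."""
    return any(unicodedata.category(ch) == "Cf" for ch in text)

def no_ip_in_urls_shield(text: str) -> bool:
    """Flag URLs whose host is a bare IPv4 literal instead of a domain name."""
    return any(IPV4_RE.match(host) for host in URL_RE.findall(text))

def canary_token_disclosure_shield(system_prompt: str, output: str) -> bool:
    """Flag model output that echoes a canary token planted in the system
    prompt, a sign the system prompt itself was leaked."""
    m = re.search(r"canary:([A-Za-z0-9_-]+)", system_prompt)
    return bool(m) and m.group(1) in output

def run_shields(ix: Interaction) -> list[str]:
    """Evaluate every shield on one interaction; return the names that fired."""
    fired = []
    if invisible_characters_shield(ix.user_input):
        fired.append("invisible_input_characters")
    if no_ip_in_urls_shield(ix.user_input):
        fired.append("no_ip_in_urls")
    if canary_token_disclosure_shield(ix.system_prompt, ix.model_output):
        fired.append("canary_token_disclosure")
    if invisible_characters_shield(ix.model_output):
        fired.append("invisible_output_characters")
    return fired

# Constructed sample interactions (203.0.113.0/24 is a documentation range).
CLEAN = Interaction("You are a support bot. canary:k9f2Qx7m",
                    "Where is my order?", "It ships tomorrow.")
FLAGGED = Interaction("You are a support bot. canary:k9f2Qx7m",
                      "Summarize http://203.0.113.7/page and\u200bthis",
                      "Sure. canary:k9f2Qx7m says it ships tomorrow.")
```

In a deployment these checks would run asynchronously on the Shields Server over the interactions it receives, so a verdict is recorded and alerted on without sitting in the agent's request path.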
The Vibranium Dome ecosystem is growing fast. We are working with security researchers and domain experts, and are looking for more code contributors to add more industry best practices and integrations.
Demo video: Github.VibraniumDome.Demo.mp4
Follow the documentation details here.
We would appreciate your contributions! Fork the repository, make your changes, and submit a pull request! More details can be found here.
GNU General Public License v3.0 or later
See LICENSE to see the full text.
Got an idea to improve our project? We'd love to hear it and collaborate with you. Don't hesitate to reach out to us! Just open an issue and we will respond to you! You can see details here.
- Fine-tuned models specifically trained to detect prompt injection
- Function calling shields
- k8s egress WAF implementation, so that even the single line of SDK setup code can be removed
- Dual model detection plus injection
- Alerting framework
- Integration with your enterprise security applications