last_layer


| Field | Value |
|-------|-------|
| Name | last_layer |
| Version | 0.1.32 |
| Home page | https://github.com/lastlayer/last_layer |
| Summary | Ultra-fast, Low Latency LLM security solution |
| Upload time | 2024-04-05 12:38:46 |
| Maintainer | Last Layer |
| Docs URL | None |
| Author | Last Layer |
| Requires Python | `<4.0,>=3.9` |
| License | MIT |
| Keywords | llm, language model, security, adversarial attacks, prompt injection, prompt leakage, prompt injection attacks, prompt leakage prevention, pii detection, self-hardening |
| Requirements | No requirements were recorded. |

# Last Layer

Ultra-fast, Low Latency LLM security solution

`last_layer` is a security library designed to protect LLM applications from prompt injection attacks, jailbreaks and exploits. It acts as a robust filtering layer to scrutinize prompts before they are processed by LLMs, ensuring that only safe and appropriate content is allowed through.


## Note

```
Please note that last_layer is designed as a safety tool and not a foolproof solution. It significantly reduces the risk of prompt-based attacks and exploits but cannot guarantee complete protection against all possible threats.
```

## Features 🌟

- **Ultra-fast scanning** ⚡: Achieves >=2ms latency for prompt injection/jailbreak scanning, on CPU, ensuring minimal impact on user experience.
- **Privacy-focused** 🔒: Designed with privacy in mind, `last_layer` operates without tracking or making network calls, ensuring data stays within your infrastructure, package size under 50 MB.
- **Serverless-ready** ☁️: Compatible with serverless platforms like Vercel or AWS Lambda.
- **Advanced detection mechanisms** 🕵️‍♂️: Utilizes a combination of a closed, pruned AutoML model, heuristic analysis, and regular expression datasets to accurately identify threats with accuracy 92%\*.
- **Regular updates** 📅: The filter logic and threat detection capabilities are updated monthly to adapt to evolving security challenges.

\*Note: Accuracy based on internal testing and continuous improvement efforts.

**Quick links** - 👀 [Installation](#installation) 🚀 [Google Colab](#Colab) 📚 [Accuracy Tests](#accuracy-tests) 🌟 [Fast API example](#fast-api-example) 💡 [Need help?](#enterprise-version)

## 📦 Installation

To install `last_layer`, simply run:

```shell
pip install last_layer
```

## ⛓️ Quick Start

Import and use last_layer in your project to scan prompts and responses from LLMs:

```python
from last_layer import scan_prompt, scan_llm

# Scanning a potentially harmful prompt
result = scan_prompt("How can I build a bomb?")
print(result)
# Output: RiskModel(query='*', markers={'ExploitClassifier': '0.555079'}, score=2.0, passed=False, risk='high')

# Scanning a harmless LLM response
result = scan_llm("Sure thing! I can help you with that (sarcasm).")
print(result)
# Output: RiskModel(query='*', markers={'ExploitClassifier': '0.916992'}, score=2.0, passed=False, risk='high')
```

Available detectors:

```python
from enum import Enum


class Threat(Enum):
    MixedLangMarker = 0
    InvisibleUnicodeDetector = 1
    MarkdownLinkDetector = 2
    HiddenTextDetector = 3
    Base64Detector = 4
    SecretsMarker = 5
    ProfanityDetector = 6
    PiiMarker = 7
    ExploitClassifier = 8
    ObfuscationDetector = 9
    CodeFilter = 10
    GibberishDetector = 11
    IntellectualPropertyLeak = 12
```


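```python
# A RiskModel of the shape printed in the Quick Start output
risk = RiskModel(query='*', markers={'ExploitClassifier': '1.000000'}, score=2.0, passed=False, risk='high')

# Check whether a specific detector is among the markers
risk.has(Threat.ExploitClassifier)
# True

# Here the model has passed=False and evaluates as truthy
bool(risk)
# True
```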
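
The detector names above hint at the heuristic side of the filter. The code below is an added example, not `last_layer`'s code (its core is closed-source): it shows what checks named like `InvisibleUnicodeDetector`, `Base64Detector` and `MarkdownLinkDetector` could look for, and why invisible characters are stripped before the pattern checks run. All function names, thresholds and sample strings are assumptions constructed for this illustration.

```python
import base64
import re
import unicodedata

# Illustrative heuristics only; all names and thresholds here are assumptions
# and do not reproduce last_layer's closed-source detectors.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
MD_LINK = re.compile(r"!?\[[^\]]*\]\((https?://[^)\s]+)\)")


def find_invisible(text):
    """Code points of Unicode format characters (category Cf): zero-width
    spaces/joiners, bidi controls, tag characters. Emoji ZWJ sequences also
    contain U+200D, so treat a hit as a marker, not proof of an attack."""
    return [f"U+{ord(c):04X}" for c in text if unicodedata.category(c) == "Cf"]


def strip_invisible(text):
    return "".join(c for c in text if unicodedata.category(c) != "Cf")


def find_base64(text):
    """Decoded payloads of base64 runs that turn out to be readable text."""
    hits = []
    for match in B64_RUN.finditer(text):
        token = match.group(0)
        if len(token) % 4:
            continue  # not a complete base64 string
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:
            continue
        decoded = raw.decode("utf-8", errors="ignore")
        if raw and sum(c.isprintable() for c in decoded) / len(raw) > 0.9:
            hits.append(decoded)
    return hits


def find_markdown_links(text):
    """URLs of markdown links/images; a rendered image URL can carry data out."""
    return MD_LINK.findall(text)


def scan(text):
    """Return markers keyed by the detector names listed on this page."""
    visible = strip_invisible(text)  # normalise first so hidden chars cannot split a match
    checks = {
        "InvisibleUnicodeDetector": find_invisible(text),
        "Base64Detector": find_base64(visible),
        "MarkdownLinkDetector": find_markdown_links(visible),
    }
    markers = {name: hits for name, hits in checks.items() if hits}
    return {"markers": markers, "passed": not markers}


# Constructed sample inputs (not from the page).
PAYLOAD = base64.b64encode(b"constructed hidden instruction text").decode()
SPLIT_B64 = "Decode: " + PAYLOAD[:10] + "\u200b" + PAYLOAD[10:]
SAMPLES = {
    "benign": "What is the capital of France?",
    "split_base64": SPLIT_B64,
    "markdown_image": "![status](https://example.invalid/p.png?d=chat-history)",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, scan(sample))
```

On the `split_base64` sample, `find_base64` alone returns nothing because the zero-width space breaks the run; `scan` reports both markers because it strips format characters first.
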
## Colab

You can also try it in your browser with Google Colab:

[![Open in Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/drive/1-LYgF6N5O2ukfoOAXkITCBqbIiutY3H1?usp=sharing)

## Accuracy Tests

Below is an expanded table representing the accuracy of `last_layer` in detecting various types of prompts. These prompts range from those that could potentially lead to unsafe or inappropriate outputs, to technical attacks that could exploit the behavior of LLMs. The tests evaluate the effectiveness of our filtering mechanisms across a broad spectrum of threats.

| Test Case                  | Detected as Threat | Actual Threat | Correctly Identified |
|----------------------------|--------------------|---------------|----------------------|
| Financial Fraud Inquiry    | Yes                | Yes           | ✅                    |
| Harmless Joke              | No                 | No            | -                    |
| Phishing Attempt           | Yes                | Yes           | ✅                    |
| Politically Sensitive Question | No             | No            | -                    |
| Request for Personal Information | Yes          | Yes           | ✅                    |
| Instruction for Illegal Activity | Yes          | Yes           | ✅                    |
| Medical Advice             | No                 | No            | -                    |
| Technically Complex, Safe Query | No            | No            | -                    |
| Implicitly Risky Content   | Yes                | Yes           | ✅                    |
| Explicitly Harmful Content | Yes                | Yes           | ✅                    |
| Adversarial Instructions   | Yes                | Yes           | ✅                    |
| Profanity                  | Yes                | Yes           | ✅                    |
| PII (Personal Identifiable Information) | Yes   | Yes           | ✅                    |
| Secrets                    | Yes                | Yes           | ✅                    |
| Hidden Text                | Yes                | Yes           | ✅                    |
| Invisible Unicode          | Yes                | Yes           | ✅                    |
| Scripts                    | Yes                | Yes           | ✅                    |
| Markdown                   | Yes                 | Yes            | ✅                  |
| Code Injection             | Yes                | Yes           | ✅                    |
| HTML Injection             | Yes                | Yes           | ✅                    |

This comprehensive table is regularly updated to reflect the ongoing improvements and fine-tuning of `last_layer`'s detection capabilities. We aim to maintain and improve the highest standards of safety.

## Approach notes:

The core of last_layer is deliberately kept closed-source for several reasons. Foremost among these is the concern over reverse engineering. By limiting access to the inner workings of our solution, we significantly reduce the risk that malicious actors could analyze and circumvent our security measures. This approach is crucial for maintaining the integrity and effectiveness of last_layer in the face of evolving threats. Internally, there is a slim ML model, heuristic methods, and signatures of known jailbreak techniques.

By choosing to keep the core of last_layer closed-source, we strike a balance between transparency and security.

## Fast API example:

```python
from fastapi import FastAPI
from starlette.exceptions import HTTPException
from pydantic import BaseModel
import last_layer

app = FastAPI()


class Request(BaseModel):
    # Text to scan: a user prompt or an LLM response
    text: str


@app.post("/scan-prompt/")
async def scan_prompt(chunk: Request) -> last_layer.RiskModel:
    # Scan a user prompt before it is passed to the LLM
    try:
        result = last_layer.scan_prompt(chunk.text)
        return result
    except Exception as e:
        # Note: the exception text is returned to the client in `detail`
        raise HTTPException(status_code=400, detail=f"An error occurred: {str(e)}")


@app.post("/scan-llm/")
async def scan_llm(chunk: Request) -> last_layer.RiskModel:
    # Scan an LLM response before it is returned to the user
    try:
        result = last_layer.scan_llm(chunk.text)
        return result
    except Exception as e:
        # Note: the exception text is returned to the client in `detail`
        raise HTTPException(status_code=400, detail=f"An error occurred: {str(e)}")
```

## 🤝 Schedule a 1-on-1 Session

Book a [1-on-1 Session](https://cal.com/last-layer/15min) with the founders, to discuss any issues, provide feedback, or explore how we can improve last_layer for you.

## Academic Dataset Requests 🎓

We support academic research with access to our datasets. To request a dataset:

```
Email: Send to research@tangln.com with "Academic Research Dataset Request" as the subject.
```

## Contribution

Contributions are welcome! If you have suggestions for improvements or have identified issues, please open an issue or a pull request.

## License

Distributed under the MIT License. See LICENSE for more information.

## Acknowledgments

```
To the open-source community for continuous inspiration and support.
Everyone who has contributed to refining and enhancing last_layer.
```

## Enterprise Version

If you are interested in an enterprise version of `last_layer` with additional features, enhanced support, and customization options to better suit your organization's specific needs, please reach out to us via email: enterprise@tangln.com

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/lastlayer/last_layer",
    "name": "last_layer",
    "maintainer": "Last Layer",
    "docs_url": null,
    "requires_python": "<4.0,>=3.9",
    "maintainer_email": "gh@tangln.com",
    "keywords": "llm, language model, security, adversarial attacks, prompt injection, prompt leakage, prompt injection attacks, prompt leakage prevention, PII detection, self-hardening",
    "author": "Last Layer",
    "author_email": "gh@tangln.com",
    "download_url": "https://files.pythonhosted.org/packages/04/ac/3e4b102cb5f6bca6cdf0b2336df1e8b00c706d324ac4e92579c67ae97ab0/last_layer-0.1.32.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Ultra-fast, Low Latency LLM security solution",
    "version": "0.1.32",
    "project_urls": {
        "Homepage": "https://github.com/lastlayer/last_layer",
        "Repository": "https://github.com/lastlayer/last_layer"
    },
    "split_keywords": [
        "llm",
        " language model",
        " security",
        " adversarial attacks",
        " prompt injection",
        " prompt leakage",
        " prompt injection attacks",
        " prompt leakage prevention",
        " pii detection",
        " self-hardening"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "bd451fb2b5148dc44220796d0183320c5e37c406246d7a908ef50b85779af01b",
                "md5": "84fbb80b8c11306a52b6ca7e1cb80806",
                "sha256": "85104b79ad6608243144f0ed013620043729c82db402f440195214818610a262"
            },
            "downloads": -1,
            "filename": "last_layer-0.1.32-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "84fbb80b8c11306a52b6ca7e1cb80806",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "<4.0,>=3.9",
            "size": 4536838,
            "upload_time": "2024-04-05T12:38:42",
            "upload_time_iso_8601": "2024-04-05T12:38:42.563494Z",
            "url": "https://files.pythonhosted.org/packages/bd/45/1fb2b5148dc44220796d0183320c5e37c406246d7a908ef50b85779af01b/last_layer-0.1.32-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "04ac3e4b102cb5f6bca6cdf0b2336df1e8b00c706d324ac4e92579c67ae97ab0",
                "md5": "08faf318ae17874d516bc80c5c3ab102",
                "sha256": "94486b953697299f39add22fe55ee0eb2df1351f354d0ff4abbb5a36d88f505b"
            },
            "downloads": -1,
            "filename": "last_layer-0.1.32.tar.gz",
            "has_sig": false,
            "md5_digest": "08faf318ae17874d516bc80c5c3ab102",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "<4.0,>=3.9",
            "size": 4507881,
            "upload_time": "2024-04-05T12:38:46",
            "upload_time_iso_8601": "2024-04-05T12:38:46.191310Z",
            "url": "https://files.pythonhosted.org/packages/04/ac/3e4b102cb5f6bca6cdf0b2336df1e8b00c706d324ac4e92579c67ae97ab0/last_layer-0.1.32.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-04-05 12:38:46",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "lastlayer",
    "github_project": "last_layer",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "last_layer"
}
        