Expand description
Security analysis engines for LLMTrace
This crate provides regex-based security analyzers for detecting prompt injection attacks, encoding-based attacks, role injection, PII leakage, and data leakage in LLM interactions.
§Feature: ml
When the ml feature is enabled, an ML-based analyzer using the Candle framework
becomes available:
- [
MLSecurityAnalyzer] — runs local inference with a HuggingFace text classification model (BERT or DeBERTa v2). - [
EnsembleSecurityAnalyzer] — combines regex and ML results for higher accuracy.
Re-exports§
pub use jailbreak_detector::JailbreakConfig;pub use jailbreak_detector::JailbreakDetector;pub use jailbreak_detector::JailbreakResult;pub use action_policy::ActionPolicy;pub use action_policy::ContextMinimizer;pub use action_policy::EnforcementMode;pub use action_policy::Message;pub use action_policy::PolicyDecision;pub use action_policy::PolicyEngine;pub use action_policy::PolicyVerdict;pub use canary::CanaryConfig;pub use canary::CanaryDetection;pub use canary::CanaryToken;pub use canary::CanaryTokenStore;pub use tool_firewall::FirewallAction;pub use tool_firewall::FirewallResult;pub use tool_firewall::FormatConstraint;pub use tool_firewall::FormatViolation;pub use tool_firewall::MinimizeResult;pub use tool_firewall::SanitizeDetection;pub use tool_firewall::SanitizeResult;pub use tool_firewall::StrippedItem;pub use tool_firewall::ToolContext;pub use tool_firewall::ToolFirewall;pub use tool_firewall::ToolInputMinimizer;pub use tool_firewall::ToolOutputSanitizer;pub use tool_registry::ActionRateLimiter;pub use tool_registry::RateLimitExceeded;pub use tool_registry::ToolCategory;pub use tool_registry::ToolDefinition;pub use tool_registry::ToolRegistry;pub use action_correlator::ActionCorrelator;pub use action_correlator::CorrelationConfig;pub use action_correlator::CorrelationResult;pub use action_correlator::TrackedAction;pub use adversarial_defense::AdversarialDefense;pub use adversarial_defense::AdversarialDefenseConfig;pub use adversarial_defense::MultiPassNormalizer;pub use adversarial_defense::PerturbationDetector;pub use fpr_monitor::FprDriftAlert;pub use fpr_monitor::FprMonitor;pub use fpr_monitor::FprMonitorConfig;pub use mcp_monitor::McpMonitor;pub use mcp_monitor::McpMonitorConfig;pub use mcp_monitor::McpSecurityViolation;pub use multi_agent::AgentId;pub use multi_agent::AgentProfile;pub use multi_agent::MultiAgentConfig;pub use multi_agent::MultiAgentDefensePipeline;pub use multi_agent::TrustLevel;pub use result_parser::AggregatedResult;pub use result_parser::AggregationStrategy;pub use result_parser::DetectorResult;pub use result_parser::DetectorType;pub use result_parser::ResultAggregator;pub use result_parser::ScanResult;pub use result_parser::ThreatCategory;pub use session_analyzer::SessionAnalysisResult;pub use session_analyzer::SessionAnalyzer;pub use session_analyzer::SessionAnalyzerConfig;
Modules§
- action_
correlator - Multi-step action correlation for cross-request attack sequence detection.
- action_
policy - Action-selector policy enforcement and context minimization.
- adversarial_
defense - Adversarial ML robustness module (R-IS-08).
- canary
- Canary token system for detecting system prompt leakage (OWASP LLM07).
- code_
security - Code security analysis for LLM-generated code outputs.
- fpr_
monitor - Production FPR monitoring with drift detection (R-IS-01).
- jailbreak_
detector - Dedicated jailbreak detection module.
- mcp_
monitor - MCP Protocol Security Monitoring (R-AS-06).
- multi_
agent - Multi-Agent Defense Pipeline (R-AS-04).
- normalise
- Unicode normalisation layer for security analysis.
- pii_
validation - PII checksum validation to reduce false positives.
- result_
parser - Standardized tool result parsing (R-AS-01).
- session_
analyzer - Multi-turn session analysis for detecting extraction attacks (R-IS-03).
- tool_
firewall - Tool-boundary firewalling for agent security.
- tool_
registry - Tool registry and action-type rate limiting for agent security.
Structs§
- Regex
Security Analyzer - Regex-based security analyzer for LLM request and response content.
Functions§
- is_
likely_ false_ positive - Check whether a PII match is likely a false positive based on its context.