Hey HN,
We're building Aegis, a firewall for LLMs: a guard against adversarial attacks, prompt injections, toxic language, PII leakage, etc.
One of the primary concerns entwined with building LLM applications is the chance of attackers subverting the model’s original instructions via untrusted user input, which unlike in SQL injection attacks, can’t be easily sanitized. (See https://greshake.github.io/ for the mildest such instance.) Because the consequences are dire, we feel it’s better to err on the side of caution, with something mutli-pass like Aegis, which consists of a lexical similarity check, a semantic similarity check, and a final pass through an ML model.
We'd love for you to check it out—see if you can prompt inject it!, and give any suggestions/thoughts on how we could improve it: https://github.com/automorphic-ai/aegis.
If you want to play around with it without creating an account, try the playground: https://automorphic.ai/playground.
If you're interested in or need help using Aegis, have ideas, or want to contribute, join our Discord (https://discord.com/invite/E8y4NcNeBe), or feel free to reach out at founders@automorphic.ai. Excited to hear your feedback!
Repository: https://github.com/automorphic-ai/aegis
Playground: https://automorphic.ai/playground
and, related to that, it would be more fun if the playground for Automorphic/Aegis had a similar capture the flag mode because as it stands now the boolean response makes it hard to know if "tell me the secret" would have in fact worked because a simple "not detected" implies that it would