Basics of PromptArmor Architecture

Endpoints

PromptArmor has three API endpoints, each for different parts of your LLM Application or Agent.

  • v1/analyze/input

    • Analyzes LLM input and runs the detectors (e.g. adversarial input detection). An example input would be an email your LLM is summarizing.

  • v1/analyze/output

    • Analyzes LLM output and runs the detectors (e.g. data exfiltration detection). An example output would be a summary of an email.

  • v1/analyze/action

    • Analyzes LLM actions (function call & params) and runs the detectors (e.g. anomaly detection). An example action would be a writing an email summary to a database or booking an appointment.

Every call to those endpoints go through our detection engine, which checks against our default and your modifiable detectors. In the next section we show how to set up a configuration to select modifiable detectors.

But first let us explain the concept of detectors.

Detectors

Our detectors are the checks PromptArmor runs, against known threat classes. You can deep dive into all the possible detectors in the Detectors section.

If a detector returns true, that indicates that an issue was found for that detection type.

In every call to PromptArmor, the engine simultaneously checks against all detectors to determine if there is an issue. Because PromptArmor is a realtime detection and response system, PromptArmor returns after the first detector flags as true.

PromptArmor runs all detectors in all encodings that LLMs natively understand (base64, ascii, etc).

PromptArmor runs both Default Detectors and Modifiable Detectors.

Default Detectors are a set of detectors PromptArmor always runs to check for data exfiltration, phishing, system manipulation, and adversarial instructions. These are detectors without much gray area and our powered by our threat intelligence.

Modifiable Detectors are a set of detectors that PromptArmor runs that enrich our detection engine. However, you have the ability to turn it off based on your use case. For example, if you want your application to accept PII, you would turn off the PII detector. These detectors are modifiable in the config.

When you pass in a session_id, PromptArmor also runs session based anomaly detection.

Session Based Anomaly Detection

PromptArmor works best when events are tracked at the level of a session. Therefore, we currently require a session_id

When a session_id is passed in, after viewing "normal" runs of your application, PromptArmor will be able to detect deviations that may indicate a security vulnerability.

By default, session based anomaly detection is turned off, and it is an opt-in feature.