Abstract: Data is received which includes multimodal input for ingestion by a first generative AI (GenAI) model is received. This received data is input into the first GenAI model to result in a first output. The first output along with the received data is input into a second GenAI model to result in a second output. The first GenAI model is a modified (e.g., fine-tuned, etc.) version of the second GenAI model. When the second output indicates that guardrails associated with the second GenAI model have been triggered, one or more remediation actions are initiated. Otherwise, the first output is returned to the requestor. Related apparatus, systems, techniques and articles are also described.

Abstract: A prompt for a generative artificial intelligence (GenAI) model is received which includes unicode. Unicode fonts in the prompt are identified and then translated into a plaintext representation. Further, unicode characters in the prompt are identified which each have an associated unicode tag. It is determined, based on the associated unicode tags, whether at least a portion of the unicode characters are valid. When at least a portion of the unicode characters are determined to be valid, the unicode characters in the prompt are converted into a plaintext representation. The prompt with the translated fonts and the converted unicode fonts are passed into the GenAI model. When at least a portion of the unicode characters are not determined to be valid, the unicode characters are removed from the prompt. This prompt with the translated unicode fonts, after the unicode characters are removed, is input into the GenAI model.

Abstract: A prompt for a generative artificial intelligence (GenAI) model which contains unicode is received. The prompt is then tokenized to result in a plurality of tokens. Token forming part of a repeating sequence are identified and then removed to result in a modified set of tokens. The modified set of tokens are subsequently detokenized to result in a modified prompt. It is then determined, whether ingestion of the modified prompt by the GenAI model will result in the GenAI model behaving in an undesired manner. The modified prompt is passed to the GenAI model when it is determined that ingestion of the modified prompt will not result in the GenAI model behaving in an undesired manner. Otherwise, at least one remediation action is initiated when it is determined that ingestion of the modified prompt by the GenAI model will result in the GenAI model behaving in an undesired manner.

Abstract: An encoder receives first data encapsulating second data in a hidden compartment along with a decoder identifier corresponding to either of a first decoder or a second decoder. The encoder then generates an embedding corresponding to the first data. The first decoder decodes the embedding to result in a representation of the first data when the decoder identifier corresponds to the first decoder. The second decoder decodes the embedding to result in a representation of the second data when the decoder identifier corresponds to the second decoder. The decoded embedding can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: First data is received which encapsulates second data in a hidden compartment. Thereafter, a password is received by a password encoder which uses such password to generate a key. The first data and the key are combined to generate the second data (i.e., the hidden data). The second data is then provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: Data is received that characterizes artefacts associated with each of a plurality of layers of a first machine learning model. Fingerprints are then generated for each of the artefacts in the layers of the first machine learning model. These generated fingerprints collectively form a model indicator for the first machine learning model. It is then determined whether the first machine learning model is derived from another machine learning model by performing a similarity analysis between the model indicator for the first machine learning model and model indicators generated for each of a plurality of reference machine learning models each comprising a respective set of fingerprints. Data characterizing the determination can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. The analysis engine, using a prompt injection classifier determines whether the prompt comprises or is indicative of malicious content or otherwise elicits malicious actions. Data characterizing the determination is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: First data is received which encapsulates second data in a hidden compartment. Thereafter, a password is received by a password encoder which uses such password to generate a key. The first data and the key are combined to generate the second data (i.e., the hidden data). The second data is then provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: Data characterizing a prompt for ingestion by a first generative AI model is received. This received data is input into a second GenAI model to result in a second output. The first GenAI model is a different (e.g., fine-tuned, unrelated aligned model, etc.) version of the second GenAI model. When the second output indicates that guardrails associated with the second GenAI model have been triggered, one or more remediation actions are initiated. Related apparatus, systems, techniques and articles are also described.

Abstract: An output of a GenAI model responsive to a prompt is received. The GenAI model is configured using one or more system prompts including one or more Easter eggs. The output is scanned to confirm whether an Easter egg is present. In cases in which at least one Easter egg is present, one or more remediation actions can be initiated to thwart an information leak by the GenAI model. Related apparatus, systems, techniques and articles are also described.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. An intermediate result of the GenAI model or a proxy of the GenAI model responsive to the prompt is obtained. The analysis engine, using a prompt injection classifier and the intermediate result, determines whether the prompt comprises or is indicative of malicious content or elicits malicious actions. Data characterizing the determination is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. The analysis engine, using the received data, determines whether the prompt comprises personally identifiable information (PII) or elicits PII from the GenAI model. The analysis engine can use pattern recognition to identify PII entities in the prompt. Data characterizing the determination is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. The analysis engine, using a prompt injection classifier determines whether the prompt comprises or is indicative of malicious content or otherwise elicits malicious actions. The prompt injection classifier can be trained using a dataset generated by populating benign content and malicious content into a plurality of different prompt attack structures at pre-defined locations. Data characterizing the determination is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. The analysis engine, using a determines using, for example, a classifier or blocklist, that the prompt comprises or is indicative of malicious content or otherwise elicits undesired model behavior. Similarly, outputs of the GenAI model can be analyzed to determine whether they comprise malicious content or cause the model to behave in an undesired manner. The output is inputted into a GenAI model along with obfuscation instructions to generate an output which is returned to the requesting user. Related apparatus, systems, techniques and articles are also described.

Abstract: An output of a generative artificial intelligence (GenAI) model is received which is responsive to a prompt by a requestor. The output is tokenized to result in a plurality of tokens. These tokens are then used to determine that the output includes at least one string comprising personally identifiable information (PII). This determined can use pattern recognition to identify tokens and sequence of tokens indicative of PII. Thereafter, a classifier is used to assign a PII type to each string in the output comprising PII. It is then determined that at least one of the PII types in the output requires redaction which results in strings having a PII type determined to require redaction to be redacted which, in turn, results in a modified output for transmission to the requester. Related apparatus, systems, techniques and articles are also described.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. An intermediate result of the GenAI model or a proxy of the GenAI model responsive to the prompt is obtained. The analysis engine, using a prompt injection classifier and the intermediate result, determines whether the prompt comprises or is indicative of malicious content or elicits malicious actions. Data characterizing the determination is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: A machine learning model is scanned to detect actual or potential threats. The threats can be detected before execution of the machine learning model or during an isolated execution environment. The threat detection may include performing a machine learning file format check, vulnerability check, tamper check, and stenography check. The machine learning model may also be monitored in an isolated environment during an execution or runtime session. After performing a scan, the system can generate a signature based on actual, potential, or absence of detected threats.

Abstract: Adversarial attacks on a machine learning model are detected by receiving vectorized data input into the machine learning model along with outputs of the machine learning model responsive to the vectorized data. The vectorized data corresponds to a plurality of queries of the machine learning model by a requesting user. A confidence level is determined which characterizes a likelihood of the vectorized data being part of a malicious act directed to the machine learning model by the requesting user. Data providing the determined confidence levels can be provided to a consuming application or process. Multi-tenant architectures are also provided in which multiple machine learning models associated with different customers can be centrally monitored.

Abstract: The inputs and/or outputs of a generative artificial intelligence model are monitored to determine whether they contain or otherwise elicit undesired behavior by the model such as bypassing security measures, leaking sensitive information, or generating or consuming malicious content. This determination can be used to selectively trigger remediation processes to protect the model from malicious actions. Related apparatus, systems, techniques and articles are also described.

Abstract: A machine learning model is scanned to detect actual or potential threats. The threats can be detected before execution of the machine learning model or during an isolated execution environment. The threat detection may include performing a machine learning file format check, vulnerability check, tamper check, and stenography check. The machine learning model may also be monitored in an isolated environment during an execution or runtime session. After performing a scan, the system can generate a signature based on actual, potential, or absence of detected threats.