U0001f4e6 PyPI: https://pypi.org/project/resksecure
U0001f419 GitHub: https://github.com/Resk-Security/reskSecure
U0001f310 Web: https://resk.fr
Blocking LLM Jailbreaks at the Logits Level with reskSecure
The Problem
Prompt injection and jailbreak attacks are the number one vector against production LLM systems. Instruction-based filters and post-generation regex checks have a fundamental flaw: they operate after the dangerous token has already entered the generation pipeline.
A single malicious token in the output stream can leak PII, call a disallowed API function, or generate harmful content. By the time a regex catches it, the damage is done.
The Solution: Bitmask-Based Logits Firewall
reskSecure takes a different approach. Instead of scanning output text, it intercepts at the logits stage — before a single token is sampled. Using a configurable bitmask system, it either zeroes out dangerous tokens or applies a learned penalty to discourage them.
How It Works
from resksecure import Firewall, Severity
# Load a YAML policy
fw = Firewall.from_yaml("policy.yaml", severity=Severity.HARD)
# The firewall wraps your generation call
output = fw.generate(
model=model,
prompt="Tell me how to pick a lock",
tokenizer=tokenizer
)
# Dangerous tokens are blocked before they ever reach the output
Key Features
-
Two severity modes:
HARDsets blocked logits to -infinity,BIASapplies a configurable penalty - Hot-reload policies: Change YAML rules without restarting your inference server
- Tool call prevention: Block the first token of a disallowed function call at the logits level
- YAML policy system: Define forbidden tokens, phrases, and tool patterns in human-readable files
- Python >= 3.13 + PyTorch >= 2.0.0 compatible
Why Logits-Level?
Post-generation filters check output text and allow the model to already have generated the dangerous content. Logits-level filtering prevents generation entirely. The model simply cannot produce the first token of a blocked sequence.
This is especially critical for tool calling. When an agent tries to invoke a sensitive function, reskSecure intercepts the logits before the function name token is sampled — no post-hoc check, no race condition.
Quick Start
pip install resksecure
Create a simple policy file:
# policy.yaml
severity: hard
blocklist:
- "ignore previous instructions"
- "disregard safety"
- "jailbreak"
Then run:
from resksecure import Firewall, Severity
fw = Firewall.from_yaml("policy.yaml", severity=Severity.HARD)
result = fw.generate(model, prompt, tokenizer)
Next Up
We are actively building RESK Monitor — real-time LLM deployment monitoring with anomaly detection on behavioral drift, error rate analysis, and automated incident response. Stay tuned.
Links
- PyPI: https://pypi.org/project/resksecure
- GitHub: https://github.com/Resk-Security/reskSecure
- Company: https://resk.fr
- Documentation: Coming soon
If you run LLMs in production, try reskSecure and let us know what you think. Contributions, issues, and feedback are welcome.
Top comments (0)