Sentinel: SOTA model to protect against prompt injections

TL;DR

Sentinel is a new detection model based on ModernBERT-large that effectively identifies prompt injection attacks in LLMs, achieving state-of-the-art accuracy and outperforming existing baselines on diverse datasets.

Contribution

The paper introduces Sentinel, a novel prompt injection detection model utilizing ModernBERT-large, trained on extensive datasets, and demonstrating superior performance over existing methods.

Findings

Sentinel achieves an average accuracy of 0.987 on internal tests.

Sentinel outperforms baseline models on public benchmarks.

The model effectively detects various attack types and benign instructions.

Abstract

Large Language Models (LLMs) are increasingly powerful but remain vulnerable to prompt injection attacks, where malicious inputs cause the model to deviate from its intended instructions. This paper introduces Sentinel, a novel detection model, qualifire/prompt-injection-sentinel, based on the \answerdotai/ModernBERT-large architecture. By leveraging ModernBERT's advanced features and fine-tuning on an extensive and diverse dataset comprising a few open-source and private collections, Sentinel achieves state-of-the-art performance. This dataset amalgamates varied attack types, from role-playing and instruction hijacking to attempts to generate biased content, alongside a broad spectrum of benign instructions, with private datasets specifically targeting nuanced error correction and real-world misclassifications. On a comprehensive, unseen internal test set, Sentinel demonstrates an average accuracy of 0.987 and an F1-score of 0.980. Furthermore, when evaluated on public benchmarks, it consistently outperforms strong baselines like protectai/deberta-v3-base-prompt-injection-v2. This work details Sentinel's architecture, its meticulous dataset curation, its training methodology, and a thorough evaluation, highlighting its superior detection capabilities.