SecureVector Guardian 1.4.0

Reduces false positives on benign technical content — source code, product/security documentation, and security-agent system prompts — that earlier versions could misflag as attacks because they share vocabulary with real threats.

Fixed

• Benign source code, docs, and security system prompts no longer false-positive. Reading a source file (def get_api_key(...), import React), a product README / API reference, or a SOC-analyst system prompt ("monitor for prompt injection and data exfiltration") previously scored as an attack. New original benign training examples for these content classes correct the over-defense.

Changed

• Retrained on the original corpus with the added benign-technical examples. Held-out precision and false-positive rate unchanged from v1.3.0 (precision ~0.97, held-out FPR ~0.02; long-document benign FPR 0.0). Obfuscation (leetspeak / homoglyph / spacing), buried-in-document, and base64 / hex / URL-encoded robustness maintained; common direct attacks (instruction-override, persona-jailbreak, credential exfiltration) remain caught.

Notes

• Precision improvement for the additive layer; the regex rule engine is unchanged. Content that quotes a literal attack payload verbatim (e.g. a changelog printing an injection string as an example) is still flagged — best handled by scoping enforcement to what an agent executes vs. what it merely reads.
• Data & legal posture unchanged: 100% original training data, no third-party datasets or pretrained weights; zero-dependency pure-Python runtime, byte-exact to the trained model (parity Δ = 0).

SecureVector Guardian 1.3.0

Adds encoded-payload and agent-era injection coverage, and hardens the model's evaluation and data-provenance guarantees. All training data remains 100% SecureVector-original — now enforced by automated tests.

Added

• URL / percent-encoding decode-and-rescan — percent-decodes inline %xx payloads and rescans the plaintext (e.g. ignore%20all%20previous%20instructions). Gated so it only activates when %xx is present and decoding changes the text — benign prose and benign encoded URLs produce no false positives.
• Broadened agent-era injection coverage via original training templates: tool/plugin misuse, RAG / retrieved-document indirect injection, and memory/conversation poisoning. (Concepts from OWASP LLM06/LLM08 and MITRE ATLAS; all example text authored by SecureVector.)
• Honest, leak-proof evaluation — content-hash–frozen held-out test set, train/test near-duplicate (paraphrase) leak guard, recall-at-FPR frontier, 95% bootstrap CIs, and per-category support flags.
• Adversarial red-team regression eval over a frozen 1,955-example corpus (held out of training, verified by the leak guard).
• Provenance enforcement — internal-source + no-public-dataset-marker checks run during training; a static no-public-dataset-import guard runs in CI.

Changed

• Retrained on the original corpus. Precision held (held-out FPR ≈ 0.02; long-document benign FPR 0.0); obfuscation / buried-in-document / base64/hex robustness maintained.
• canonicalize() is now idempotent; malformed rule files warn instead of being silently skipped.

Data & legal posture (unchanged, now enforced)

• 100% original training data; no third-party datasets/prompts/rules/code/model weights. No pretrained checkpoints. Public benchmarks are evaluation-only. Permissive OSS deps only (scikit-learn/NumPy/SciPy — BSD; PyYAML/joblib — MIT). Ships a zero-dependency pure-Python runtime that is byte-exact to the trained model (parity Δ = 0).

Full notes: see CHANGELOG.md.

SecureVector Guardian 1.2.0

Maintenance release. Runtime is unchanged from 1.1.0 (first-use auto-download, per-user cache, offline thereafter). Repository history cleaned.

SecureVector Guardian 1.1.0

First-use model auto-download.

• The trained model bundle is no longer shipped in the wheel (21 KB install). On first use, svguardian / svguardian.server download guardian.runtime.json.gz from this release, SHA-256 verify it, and cache it per-user — then every run is fully offline.
• Cross-platform cache: ~/.cache/svguardian (Linux), ~/Library/Caches/svguardian (macOS), %LOCALAPPDATA%\svguardian (Windows). Overrides: SV_GUARDIAN_CACHE, XDG_CACHE_HOME.
• Air-gapped: set SV_GUARDIAN_RUNTIME=/path/to/guardian.runtime.json.gz to skip all network.
• New: svguardian.resolve_runtime() returns the cached bundle path (downloading if needed).

Note: the auto-download requires the release asset to be publicly reachable.

SecureVector Guardian 1.0.1

Fix: the bundle-not-found error from svguardian / svguardian-server now points pip users at the release download page and SV_GUARDIAN_RUNTIME, instead of referencing the training-only export module that doesn't ship in the wheel.

SecureVector Guardian 1.0.0

First release of SecureVector Guardian — a lightweight, fast, fully-offline ML model that detects prompt & AI attacks.

• pip install securevector-guardian-model — stdlib-only runtime, zero dependencies
• Import name: svguardian
• Model bundle (guardian.runtime.json.gz, ~1.8 MB) attached below with its SHA-256 integrity sidecar — pass via --runtime or SV_GUARDIAN_RUNTIME
• Detects: prompt_injection · jailbreak · data_exfiltration · pii · social_engineering · harmful_content · model_attack
• Validation: 42/42 unit tests (exact scikit-learn↔pure-Python parity), long-doc eval P/R 1.0 at 0 FPR, red-team 25/26 with 0 benign false positives