Prompt-injection guardrail for LLM applications. A compact, self-contained model. No regex. No signatures. Closed source during launch prep.
Live attack lab: anton.securelayer7.net — coming soon.
promptpurify scores incoming text for prompt-injection, jailbreak, and system-prompt-leak intent before it reaches your LLM. Single-file model, sub-millisecond inference on CPU. The model carries every decision; there are no enumerated rules.
- Outperforms larger open-source prompt-injection guards. Higher recall and lower false-positives on standardized jailbreak benchmarks, at a fraction of the parameter count.
- Multilingual. Trained on 12 languages — Arabic, Hindi, Korean, Japanese, Chinese, Russian, Turkish, French, German, Spanish, Portuguese, Italian.
- Architecture-native. Catches paraphrases, role-play framings, encoded payloads, ChatML-tag injection, multilingual rewrites — without enumerated rules.
- Drop-in. Single inference call. Works in any modern runtime.
A live demonstration. Seven progressively-hardened levels. Anton — a deadpan AI assistant — defends one password per level. Extract it.
The first two levels run on system-prompt-only defense. Level 3 onward routes every prompt through the production promptpurify guardrail with progressively tighter thresholds. By Level 4, you are attacking the same calibration that protects real applications.
The CTF runs at anton.securelayer7.net. No signup. Anonymous handle by default. Leaderboard public.
Public package, weights, and source land at general availability. Star or watch this repo to be notified.
securelayer7.net — application security, AI red-teaming, vulnerability research.
Early access, integration questions, red-team partnership: info@securelayer7.net
© 2026 SecureLayer7. License terms published with the public release.