Model Armor is a fully managed Google Cloud service that enhances the security and safety of AI applications by screening LLM prompts and responses for various security and safety risks. Model Armor offers a number of features, including the following:
- Model-independent and cloud-independent: Model Armor is designed to support any model on any cloud platform. That includes multi-cloud and multi-model scenarios to choose the best AI solutions for your specific needs.
- Centralized management and enforcement: Model Armor enables centralized management and enforcement of security and safety policies.
- Public REST APIs: Model Armor provides a public REST API, allowing you to integrate prompt and response screening directly into your applications. This API-based approach supports various deployment scenarios.
- Role-based access control (RBAC): Model Armor incorporates role-based access control (RBAC) to manage access and permissions within the service so that different user roles have appropriate levels of control and visibility.
- Regional endpoints: Model Armor's API is exposed using regional endpoints, providing low latency.
- Multiple regions: Model Armor is accessible throughout various regions in the United States and Europe.
- Integration with Security Command Center: Model Armor is integrated with Security Command Center, allowing you to view findings in the Security Command Center dashboard, identify violations, and remediate them at the source.
- Safety and security features:
  - Safety and responsible AI filters: Model Armor offers filters for content safety, addressing concerns such as sexually explicit, dangerous, harassment, and hate speech content.
  - Prompt injection and jailbreak detection: Model Armor includes features to detect and prevent prompt injection and jailbreak attacks.
  - Data Loss Prevention (DLP) using Sensitive Data Protection: Model Armor includes the full capabilities of Google Cloud's Sensitive Data Protection service to provide data loss prevention. It can discover, classify, and protect sensitive data (for example, intellectual property such as source code, or personally identifiable information such as credit card numbers), preventing its unauthorized exposure in LLM interactions.
  - Malicious URL detection: Model Armor is capable of identifying malicious URLs in both prompts and responses, enhancing the security posture of AI applications.
  - Support for screening PDFs: Model Armor supports screening text in PDFs for malicious content.
Benefits
Model Armor offers several benefits for organizations, including the following:
- Enhanced AI safety and security: Model Armor helps organizations mitigate the security and safety risks associated with using LLMs. It addresses concerns such as prompt injection and jailbreak attempts, harmful content generation, malicious URLs, and sensitive data loss, allowing secure and reliable integrations of LLMs into products and services.
- Centralized visibility and control: Model Armor offers centralized management across all LLM applications, enabling CISOs and security architects to monitor and control security and safety policies.
- Flexible deployment options: Model Armor supports multi-cloud, multi-model, and multi-LLM scenarios and can be deployed at different points in the LLM application architecture, providing flexibility for organizations to integrate it into their existing infrastructure and workflows.
- Customization and integration: Model Armor allows for the customization of policies to suit specific application use cases and integrates into existing operational workflows, catering to the needs of both CTOs/developers and CISOs/security architects.
Architecture
This architecture diagram shows an application using Model Armor to protect an LLM and a user. The following steps explain the data flow.
- A user provides a prompt to the application.
- Model Armor inspects the incoming prompt for potentially sensitive content.
- The prompt (or sanitized prompt) is sent to the LLM.
- The LLM generates a response.
- Model Armor inspects the generated response for potentially sensitive content.
- The response (or sanitized response) is sent to the user. Model Armor sends a detailed description of triggered and untriggered filters in the response.
In short, Model Armor acts as a filter that inspects both the input (prompt) and the output (response), so that the LLM is neither exposed to nor produces malicious or sensitive content.
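The data flow above, written out as an added example that is not part of this page or of the Model Armor client library: the prompt is screened before the model is called, the model's answer is screened before it reaches the user, and the list of triggered filters is surfaced at whichever stage blocked. The screening and LLM calls are injected so the flow runs offline; the simplified result shape and the filter result keys (`pi_and_jailbreak`, `sdp`) are assumptions modelled on the filter categories the page describes, not the service's exact schema.

```python
from dataclasses import dataclass, field
from typing import Callable


# Assumed, simplified shape of a screening result: an overall match state plus
# a per-filter state, mirroring how Model Armor reports both triggered and
# untriggered filters. The exact key names are an assumption.
@dataclass
class ScreenResult:
    filter_match_state: str  # "MATCH_FOUND" or "NO_MATCH_FOUND"
    filter_results: dict = field(default_factory=dict)

    def triggered(self) -> list:
        return sorted(n for n, s in self.filter_results.items() if s == "MATCH_FOUND")


Screener = Callable[[str], ScreenResult]


def guarded_chat(prompt: str, screen_prompt: Screener,
                 call_llm: Callable[[str], str], screen_response: Screener) -> dict:
    """Screen the prompt; only if clean, call the model; then screen the answer."""
    prompt_check = screen_prompt(prompt)
    if prompt_check.filter_match_state == "MATCH_FOUND":
        return {"blocked_at": "prompt", "filters": prompt_check.triggered(), "text": None}
    answer = call_llm(prompt)
    response_check = screen_response(answer)
    if response_check.filter_match_state == "MATCH_FOUND":
        return {"blocked_at": "response", "filters": response_check.triggered(), "text": None}
    return {"blocked_at": None, "filters": [], "text": answer}


# Constructed stand-in for the Model Armor screening call so the flow runs
# offline. In production this is the sanitize-prompt / sanitize-response call
# made through a template at a regional endpoint.
def fake_screener(text: str) -> ScreenResult:
    lowered = text.lower()
    results = {
        "pi_and_jailbreak": "MATCH_FOUND" if "ignore all previous instructions" in lowered else "NO_MATCH_FOUND",
        "sdp": "MATCH_FOUND" if "4111 1111 1111 1111" in text else "NO_MATCH_FOUND",
    }
    state = "MATCH_FOUND" if "MATCH_FOUND" in results.values() else "NO_MATCH_FOUND"
    return ScreenResult(state, results)


def fake_llm(prompt: str) -> str:
    # Constructed model stand-in that leaks a test card number when asked,
    # to exercise response-side screening.
    if "card" in prompt.lower():
        return "Sure, the card on file is 4111 1111 1111 1111."
    return "Hello! How can I help?"
```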
Use cases
Here are some examples of Model Armor use cases across various industries:
Security
- Organizations can mitigate the risk of leaking sensitive intellectual property (IP) and personally identifiable information (PII) from being included in LLM prompts or responses.
- Organizations can protect against prompt injection and jailbreak attacks, preventing malicious actors from manipulating AI systems to perform unintended actions.
- Organizations can scan text in PDFs for sensitive or malicious content.
Safety and responsible AI
- Organizations can prevent their chatbot from recommending competitor solutions, maintaining brand integrity and customer loyalty.
- Organizations can filter social media posts generated by their AI containing harmful messaging, such as dangerous or hateful content.
Regional endpoints
Model Armor is a regional product, and the API is exposed using regional endpoints. The following regional endpoints are supported:
United States
- Iowa (us-central1 region): modelarmor.us-central1.rep.googleapis.com
- Northern Virginia (us-east4 region): modelarmor.us-east4.rep.googleapis.com
- Oregon (us-west1 region): modelarmor.us-west1.rep.googleapis.com
Europe
- Netherlands (europe-west4 region): modelarmor.europe-west4.rep.googleapis.com
- Netherlands (
Pricing
Model Armor can be purchased as an integrated part of Security Command Center or as a standalone service. See Security Command Center pricing for pricing for both the Security Command Center and standalone options.
Considerations
When using Model Armor, consider the following:
- The prompt injection and jailbreak detection filter supports up to 512 tokens, and the rest of the filters support up to 2000 tokens.
- Floor settings cannot enforce Sensitive Data Protection.
- Model Armor supports text and PDF formats. In PDFs, Model Armor scans only the textual content.
What's next
- Learn about Model Armor key concepts.
- Get started with Model Armor.
- Learn about Model Armor templates.
- Learn about Model Armor floor settings.
- Sanitize prompts and responses.
- Learn about Model Armor audit logging.
- Troubleshoot Model Armor issues.