llm-trust-guard 4.17.1 → 4.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,26 @@ All notable changes to `llm-trust-guard` will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [4.18.0] - 2026-04-10
|
|
9
|
+
|
|
10
|
+
### Removed — TF-IDF Built-in Classifier
|
|
11
|
+
|
|
12
|
+
Removed the experimental TF-IDF classifier after rigorous testing showed it is **not viable** for prompt injection detection:
|
|
13
|
+
|
|
14
|
+
- Trained on 3 datasets (CCS'24 2023, JailbreakDB Oct 2025, hlyn Apr 2026)
|
|
15
|
+
- All showed bimodal behavior or inadequate recall on modern attacks
|
|
16
|
+
- Root cause: bag-of-words (TF-IDF) cannot distinguish intent from vocabulary — attack prompts and creative prompts use identical language
|
|
17
|
+
- Research confirms: TF-IDF F1 ceiling for prompt injection is fundamentally limited (Trend Micro 2024)
|
|
18
|
+
|
|
19
|
+
**For users who need ML-level prompt injection detection:** Use the `DetectionClassifier` interface to plug in a real model like Meta Prompt Guard 2 (22M params, 88.7% recall at 1% FPR) or protectai/DeBERTa-v3.
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
- `CLAUDE.md` with project rules for data freshness validation and honest benchmarking
|
|
23
|
+
|
|
24
|
+
### Stats
|
|
25
|
+
- 34 guards, 695 tests, <5ms latency, zero dependencies
|
|
26
|
+
- Package size reduced ~300KB (model JSON removed)
|
|
27
|
+
|
|
8
28
|
## [4.17.1] - 2026-04-05
|
|
9
29
|
|
|
10
30
|
### Fixed — Pattern Weight and Regex Corrections
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "llm-trust-guard",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.18.0",
|
|
4
4
|
"description": "Comprehensive security guards for LLM-powered and agentic AI applications - 22 protection layers covering OWASP Top 10 for LLMs 2025, Agentic Applications 2026, and MCP Security. All guards now accessible via unified TrustGuard facade. Features prompt injection (PAP/persuasion), multi-modal attacks, RAG poisoning with embedding attack detection, memory persistence attacks, code execution sandboxing, multi-agent security, MCP tool shadowing prevention, system prompt leakage protection, human-agent trust exploitation (ASI09), autonomy escalation (ASI10), state persistence (ASI08), tool chain validation v2 (ASI07/ASI04), circuit breaker, drift detection, and more",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.mjs",
|