llm-guard
LLM Guard is an open-source Python toolkit that provides input and output scanning for large language models to detect and prevent security issues like prompt injection, data leakage, and harmful content. It offers 15 prompt scanners and 20 output scanners that can be deployed as middleware or API in production LLM applications.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | protectai/llm-guard |
| Owner | protectai |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 3.2k |
| Forks | 416 |
| Open issues | 37 |
| Latest release | Unknown |
| Last updated | 2025-12-15 |
| Source | https://github.com/protectai/llm-guard |
What llm-guard is
LLM Guard is a modular Python package (3.9+) exposing composable scanner classes for sanitization, adversarial input detection, and output validation in LLM pipelines. Scanners include ML-based detectors (toxicity, bias, gibberish), pattern-based filters (secrets, code, substrings), and semantic checks (prompt injection, factual consistency), with pluggable model backends and API deployment support.
Get the llm-guard source
Clone the repository and explore it locally.
git clone https://github.com/protectai/llm-guard.gitcd llm-guard# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Model dependencies: base functionality requires minimal deps, but advanced scanners auto-install transformers, nltk, and other ML libraries; plan for ~500MB+ disk and model cache overhead.
- Latency profiling: test scanner chains on your LLM response times and throughput targets; ML-based scanners (sentiment, toxicity, bias) may add 500ms–2s per call depending on model and hardware.
- Configuration and tuning: each scanner exposes threshold, model, and behavior parameters; start with defaults, then tune false positive/negative rates against your use case and data.
- Error handling: decide on policy if scanner fails (timeout, model unavailable, invalid input): reject, warn, or pass-through; implement monitoring and fallback logic.
- Cost of external models: downloading and caching HuggingFace models on each scanner init can be slow; consider initializing once and sharing across requests in production.
When to avoid it — and what to weigh
- Need guaranteed security hardening — LLM Guard is a detection and filtering layer, not a cryptographic guarantee. Determined attackers may craft inputs that evade ML-based scanners; use as defense-in-depth, not sole protection.
- Require commercial SLA and support contract — Project is open-source community-driven. While Protect AI offers email support, there is no published SLA, guaranteed response time, or commercial support tier in the data provided.
- Need real-time, sub-millisecond latency — Scanners invoke external models (transformers, sentiment analyzers) and APIs; latency depends on model size and inference hardware. Not suitable for extremely latency-critical applications without profiling and optimization.
- Cannot depend on external model downloads — Some scanners require downloading ML models at runtime (e.g., toxicity, bias detectors); requires internet access during first run and disk space. Offline or air-gapped deployments need pre-caching.
License & commercial use
Licensed under MIT (MIT License), a permissive OSI-approved license permitting commercial use, modification, and distribution with minimal restrictions (retain copyright notice and license).
MIT license permits commercial use without explicit restrictions. However, the project is open-source and community-maintained; commercial deployment responsibility rests with the integrator (security testing, validation, monitoring). Protect AI offers optional email-based community support but no published commercial SLA. Verify compliance with your security and support policies before production deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
LLM Guard is a detection and mitigation toolkit, not a security guarantee. Scanner effectiveness varies: pattern-based scanners (regex, substrings) are deterministic; ML-based scanners (toxicity, prompt injection, gibberish) have false positive/negative rates dependent on training data and model. Adversarial inputs may evade ML detectors. Use as part of defense-in-depth (e.g., input validation, rate limiting, output sampling, human review). Audit and test scanners against your threat model. No published security audit or CVE history in data; review responsibly.
Alternatives to consider
Langchain safety/moderation chains
Langchain includes built-in LLM-as-judge and OpenAI moderation integrations; tightly coupled to Langchain pipelines; less granular and configurable than LLM Guard's scanner architecture.
Lakera/Prompt Injection Detection API
Specialized SaaS/API for prompt injection detection; closed-source, commercial model; simpler integration but vendor lock-in and per-request costs; no output scanning.
Self-built scanners using LLMs (e.g., Claude content policy evaluation)
Use a strong LLM as a judge for safety; highly flexible and customizable but higher latency, cost, and complexity; no pre-built modules or pattern matching.
Build on llm-guard with DEV.co software developers
Integrate LLM Guard into your pipeline to prevent prompt injection, data leakage, and harmful outputs. Start with pip install llm-guard and explore the interactive playground.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
llm-guard FAQ
Can I use LLM Guard offline?
What latency should I expect?
Does LLM Guard guarantee it will stop all malicious prompts?
Is commercial support available?
Software developers & web developers for hire
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If llm-guard is part of your ai frameworks roadmap, our team can implement, customize, migrate, and maintain it.
Secure Your LLM Application Today
Integrate LLM Guard into your pipeline to prevent prompt injection, data leakage, and harmful outputs. Start with pip install llm-guard and explore the interactive playground.