HeadlinesBriefing favicon HeadlinesBriefing.com

Reason Gate: Explainable LLM Security

Hacker News •
×

Reason Gate is an "explainable security gate" for LLM applications, designed to block prompt injection attacks with auditable reasons for every decision. Unlike simple blocklists, it provides detailed explanations for why a prompt was flagged, crucial for security teams and auditors.

It functions by inspecting user prompts, retrieved context, and model outputs. Key features include normalization for deobfuscation, injection/jailbreak detection (both rule-based and ML-enhanced), and specialized checks for indirect injection prevalent in RAG systems. It also incorporates multi-turn session awareness and output leakage detection.

The system operates in layers, with a zero-dependency Python core handling rules and normalization, and an optional enterprise add-on enabling ML-based detection and provenance tracking. This layered defense aims to prevent single points of failure. The proof of its efficacy lies not just in blocking attacks but in the absence of detrimental side effects, such as unauthorized fund transfers demonstrated in an example where $84,200 was saved.

Reason Gate is model-agnostic, wrapping any prompt-to-string function, including those from OpenAI, Anthropic, or local models. Its auditable decision logs provide machine-readable records detailing the action, risk score, and specific evidence for each decision, making it suitable for SOCs, SIEMs, and compliance trails. The open core is available for self-hosting, with no API keys or data leaving the server.