AI Runtime Security provides flexibility in detecting or blocking content being sent to an LLM or returned to the user.
The HiddenLayer AI Runtime Security is a real-time input and output monitor for hosted or custom LLMs. It detects malicious input prompts and/or undesired output as they are sent to and returned from an LLM, and can (when configured appropriately) block content from being sent to the LLM or returned to the user. It has different modes of operation which can be flexibly employed, depending on the architecture already in place and the desired level of integration.
HiddenLayer’s target operating model is designed to provide maximum flexibility, security, and operational independence for our customers. Our software is available as container images, allowing for seamless deployment, scaling, and integration into existing customer architecture. We provide pre-packaged, production-ready container images, which the customer deploys, configures, and operates independently within its own cloud or self-hosted Kubernetes infrastructure. This makes deployment and integration into an existing containerized infrastructure straightforward for DevOps teams.
Read the latest Runtime Security release notes.
- Automated: Leverage automated processes to detect and respond to AI model breach attempts, providing a proactive defense mechanism.
- Scalable: Get clear reporting on detected threats, empowering security teams with insights into adversarial behavior. Identify and report on various adversarial activities such as model theft, reconnaissance, evasion, misclassification, and other potential threats.
- Unobtrusive: Detections are made via our platform without requiring any access to models and the data that powers them.
- Prompt Injection: Ensure inputs to your LLM do not cause unintended consequences.
- Data Leakage: Ensure LLM outputs do not expose backend systems risking privilege escalation or remove code execution.
- MITRE ATLAS Integration: MLDR maps to 64+ Adversarial AI attack tactics & techniques.
- Inference Attacks: Protects against real-time model Inference Attacks.
- Protects against Model Tampering: Know where the model is weak and when the model has been tampered with.
- Protects against Prompt Injection/Model Injection: Protect the model from its inputs or outputs being deliberately changed.
- Protects against Model Extraction/Theft: Stop reconnaissance attempts through inference attacks which could result in your model intellectual property being stolen.
- Combined Methods for Detections: Uses a combination of Supervised Learning, Unsupervised Learning, Dynamic/Behavioral Analysis, and Static Analysis to deliver detections for a library of adversarial machine learning attacks.
Usage of this Docker Image is subject to End-User License Agreement (EULA). Before accessing or utilizing the Docker Image, please carefully review and agree to the terms and conditions outlined in the EULA provided by HiddenLayer. The EULA governs the rights, limitations, and obligations associated with the use of the Docker Image. By using the Docker Image, you indicate your acceptance of the EULA and your commitment to adhere to its provisions. If you do not agree with the terms and conditions set forth in the EULA, refrain from using the Docker Image.
The Prompt Analyzer is a detection tool that checks whether AI inputs (prompts) and outputs are safe or malicious. It provides a simple "true/false" verdict on whether content is harmful, but does not enforce any policies or handle the backend. This tool operates “out-of-line,” so it does not take any action or perform the block itself. The blocking logic must be integrated into the application code.
This endpoint offers greater flexibility, as it can integrate with various architectures, like retrieval-augmented generation (RAG), and does not need OpenAI-specific formatting. It's a simpler tool for pure detection, without addressing risks such as LLM DDoS attacks or enforcing guardrails.
The architecture for this configuration could look something like this:

The Prompt Analyzer can be:
Reached as a SaaS endpoint connecting to the HiddenLayer Console, or
Deployed as a self-hosted container on the customer infrastructure, and configured to run either in:
- Hybrid mode (detections are sent to the HiddenLayer console for visualization and review by the security team). This is the default mode for deployment.
- Disconnected mode (detections are logged on the customer infrastructure, but nothing is sent to HiddenLayer).
Deployment of the HiddenLayer containers or use of the SaaS endpoint is subject to the provisions in the End-User License Agreement (EULA) and HiddenLayer reserves the right to retain prompts and outputs for the improvement of our products. Prompts and outputs sent via the SaaS endpoint will be retained for use in product improvement; prompts and outputs from detections in hybrid mode will be retained unless this capability is deactivated in the container environment.
See Hybrid and Disconnected Modes for information about Runtime Security architecture and the different modes of deployment.