Skip to main content

Recipes

Recipes provide pre-built security solutions to your AI applications, reducing the time to implementation and providing a configurable list of security checks and transforms. Recipes are a named collection of Redact rules that apply an “if match, then action” policy to detect, replace, mask, or defang data from the match rule. Use the provided settings, clone existing recipes, or create new ones to meet and adapt to your security requirements. The recipe name parameter that is sent to the AI Guard API specifies which recipe to apply to the input text.

In each recipe, you can define actions that Redact will take when a specific string type is recognized. The “ingredients” of the recipe are the Redact rules that you apply to specific data types. You can set redaction rules in the Redact service for a given rule to the following options:

  • Detect Only - Matches to the rule are reported in the API response, but no redaction takes place.
  • Replacement - Replace the matching information with a per-rule configurable string (e.g. <IP_ADDRESS>) so that it can not be accurately read.
  • Mask - Masks the entire string with a fixed replacement string (e.g. “*”) to prevent decoding and use.
  • Partial Mask - Masks a portion of the string to prevent the entire string from being read.
  • Hash - Hashes the string to prevent it from being read by the LLM.
  • Format Preserving Encryption - Encrypts the personal data before sending it to the LLM. The format looks the same as the previous string. The LLM never reads the actual data.
  • Reputation Check - For URL, IP, and email rules, click this checkmark to analyze the reputation of the string against known malicious strings.
  • URL - If the risk level exceeds the threshold of maliciousness, the API will return the results of the check.
  • IP - If the risk level exceeds the threshold of maliciousness, the API will return the results of the check.
  • Email - If the email is found to be breached, the API will return that information in the response. The domain of the email will also be passed to the Domain Intel service to check if the email domain is malicious.
  • Defang If Malicious - Select this Redaction Type to defang any strings identified as malicious by the Reputation Check to increase your security posture. When this is selected, Reputation Check also gets checked and greyed out because it is required for Defang If Malicious to work. This is only available for URLs, domains, and IPs.

User Input Prompt

API recipe - pangea_prompt_guard

The User Input Prompt recipe is intended to be used on the user’s prompt before it is sent to the LLM for processing.

LLM Prompt Pre Send

API recipe - pangea_llm_prompt_guard

The LLM Prompt Pre Send recipe should be placed after the data sources get added as context (e.g. in a RAG implementation), but before the LLM receives the context-enhanced user prompt.

It can also perform reputation checks and defang malicious data (IP addresses, URLs, domains, etc) to prevent malicious data from being introduced into training data.

LLM Response

API recipe - pangea_llm_response_guard

The LLM Response recipe is placed after the AI response, and before the response is returned to the user.

It takes in the LLM's response to the prompt. Then it analyzes the data in the response for any malicious links, PII, or other data configured in the recipe and responds to each according to the settings. Once it has completed the identification, redaction, encryption, and defanging, the filtered response from AI Guard is safe for return to the user.

Ingestion, (e.g. RAG)

API recipe - pangea_ingestion_guard

The pangea_ingestion_guard recipe is intended for use in a data ingestion pipeline such as those in a Retrieval Augmented Generation (RAG) pattern. The recipe can be applied in order to detect, secure, and transform data as it is extracted from external data sources (e.g. Google Drive, Jira, Salesforce, Slack, Confluence, company proprietary databases and documentation, etc.) before being added to a repository (e.g. a Vector DB) that will be used to augment user prompts with related content to specialize the LLM application.

Was this article helpful?

Contact us