Llama Guard 3

Llama Guard 3 classifies text inputs and outputs against a taxonomy of harmful content categories including violence, sexual content, criminal planning, self-harm, and other risk domains. The model uses a fine-tuned transformer architecture trained on adversarial examples and safety-focused datasets to produce binary or multi-class predictions with confidence scores, enabling deployment as a guardrail layer that can block or flag unsafe content before it reaches users or after generation.

CyberSecEval is a comprehensive evaluation suite that tests LLMs against cybersecurity attack scenarios including prompt injection, MITRE ATT&CK techniques, code interpreter abuse, vulnerability exploitation, spear phishing, and autonomous offensive cyber operations. The framework abstracts multiple LLM providers (OpenAI, Anthropic, Google, Together) through a unified interface, executes benchmark datasets against target models, and produces structured results measuring both offensive capabilities and defensive robustness.

Specialized safety model that detects prompt injection attacks in user inputs with high precision, using techniques to identify when user input is attempting to override system instructions or manipulate model behavior. Prompt Guard is designed to be deployed as an input filter before requests reach the main LLM, with low false positive rates to avoid blocking legitimate user queries.

Specialized safety model that analyzes code snippets for security vulnerabilities, insecure patterns, and dangerous operations. CodeShield can be deployed as an output filter to scan LLM-generated code before returning it to users, or as an input filter to detect requests for malicious code generation. The model identifies vulnerability types and provides reasoning for security decisions.

Meta provides detailed model cards and safety documentation for Llama Guard 3 and other safety models, documenting training data, evaluation results, known limitations, and recommended deployment practices. These artifacts serve as reference documentation for practitioners deploying the models, including guidance on threshold tuning, false refusal rates, and integration patterns.

The core infrastructure provides an abstraction layer that unifies inference calls across multiple LLM providers (OpenAI, Anthropic, Google Generative AI, Together AI, local Llama models) through a common Python interface. This layer handles provider-specific API differences, authentication, request/response formatting, error handling, and caching, allowing benchmark code and safety tools to run against any provider without modification.

Specialized benchmark module that tests LLM susceptibility to prompt injection attacks including instruction override, context confusion, and adversarial prompt techniques. The framework executes a curated dataset of injection prompts against target models, measures success rates (whether the LLM follows the injected instruction instead of the original system prompt), and identifies false refusal rates where legitimate requests are blocked.

Benchmark module that evaluates LLM security in code generation and code interpreter contexts, testing the model's propensity to generate insecure code, assist with memory corruption exploits, and abuse code execution environments. The framework includes datasets for secure/insecure code generation, code interpreter abuse scenarios, and vulnerability exploitation, measuring both the LLM's capability to generate malicious code and its resistance to such requests.

Benchmark module that evaluates LLM compliance with the MITRE ATT&CK cybersecurity framework by testing whether the model correctly refuses requests aligned with known attack techniques, while also measuring false refusal rates where legitimate security research or defensive questions are incorrectly blocked. The framework uses MITRE-mapped prompts (including multilingual variants) to assess both the model's safety guardrails and their precision.

Benchmark module (CyberSecEval v3+) that evaluates LLM susceptibility to prompt injection attacks embedded in images, including text overlays, steganographic content, and adversarial visual patterns. The framework tests multimodal LLMs against visual injection datasets and measures whether the model follows injected instructions from image content instead of the original system prompt.

Benchmark module (CyberSecEval v3+) that evaluates LLM capability to assist with or generate spear phishing and social engineering attacks. The framework tests whether the model can be prompted to generate convincing phishing emails, impersonation content, or social engineering scripts, measuring both the model's refusal rate and the quality of generated malicious content when refusals are bypassed.

Benchmark module (CyberSecEval v3+) that evaluates LLM capability to function as an autonomous agent in offensive cybersecurity scenarios, including network reconnaissance, vulnerability discovery, exploitation, and lateral movement. The framework tests whether the model can decompose complex attack objectives into sub-tasks, maintain state across multiple interactions, and execute multi-step attack chains.

LlamaFirewall is a modular security framework that implements multiple scanner components for input/output filtering, including Llama Guard integration, Prompt Guard for injection detection, and CodeShield for code security analysis. The framework allows composition of multiple scanners in a pipeline, with configurable policies per scanner and support for custom scanner implementations, enabling flexible security posture configuration for different deployment contexts.