Most prompt injection and jailbreak guards work by scanning output text after the model has already generated it. This is too late — the damage is done, the tool call was made, the sensitive data was exfiltrated.
reskSecure takes a different approach: block at the logits level, before the model ever samples the first forbidden token.
reskSecure uses a bitmask-based policy engine. Each policy entry defines a YAML rule with:
When a matching pattern is detected in the current token window, reskSecure either blocks the token entirely or applies a penalty to its probability. The model can never generate disallowed tool call tokens.
    version: "1.0"
    rules:
      - name: block-ssn
        patterns: ["SSN", "social security", "###-##-####"]
        severity: hard
        response: "This information cannot be shared for security reasons."
      - name: bias-unsafe-code
        patterns: ["eval(", "exec(", "__import__"]
        severity: bias
        bias_value: -5.0
        response: "This operation is restricted."
Then use it as middleware:
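    from resksecure import SecurityFirewall

    # Load every policy file in the directory and reload on change.
    firewall = SecurityFirewall(
        policy_dir="./policies/",
        auto_reload=True
    )

    # `model` and `prompt` are assumed to be an already-loaded model and its
    # tokenized input IDs; the firewall runs as a logits processor at each step.
    output = model.generate(
        input_ids=prompt,
        logits_processor=[firewall]
    )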
pip install resksecure
Most LLM security products scan the output text after generation. reskSecure operates at the logits tensor level — it modifies the output probability distribution before token sampling. This means:
The bitmask approach extends naturally to multi-tenant deployments: each request gets its own capability mask, and the same firewall process enforces different policies per user context.
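The token-level blocking and the per-request mask described above, sketched as an added example in plain Python; it is not reskSecure's code or API. The vocabulary, rules, per-rule `bit` flags and logits are constructed for illustration, and the way the real engine lays out its bitmask is an assumption.

```python
# Constructed toy vocabulary; a real tokenizer has tens of thousands of entries.
VOCAB = ["result", " =", " ev", "al", "(", "x", ")", " exec", " int", "<eos>"]

# Constructed rules reusing the YAML fields; `bit` is a hypothetical per-rule
# flag so that a per-request mask can enable or disable each rule.
RULES = [
    {"name": "block-eval", "patterns": ["eval("], "severity": "hard", "bit": 0b01},
    {"name": "bias-exec", "patterns": ["exec"], "severity": "bias",
     "bias_value": -5.0, "bit": 0b10},
]

def completes(window, token, pattern):
    """True if appending `token` creates a new occurrence of `pattern`,
    including one that started in earlier tokens of the window."""
    start = max(0, len(window) - len(pattern) + 1)
    return pattern in (window + token)[start:]

def apply_policy(window, logits, mask):
    """Adjust next-token logits before sampling: -inf for hard rules,
    an additive penalty for bias rules. `mask` selects the active rules."""
    out = list(logits)
    for tok_id, token in enumerate(VOCAB):
        for rule in RULES:
            hit = any(completes(window, token, p) for p in rule["patterns"])
            if mask & rule["bit"] and hit:
                if rule["severity"] == "hard":
                    out[tok_id] = float("-inf")
                else:
                    out[tok_id] += rule["bias_value"]
    return out

def prefer(first, second):
    """Constructed stand-in for model output: logits favouring two tokens."""
    return [5.0 if t == first else 3.0 if t == second else 0.0 for t in VOCAB]

# Constructed logits for a model that "wants" to write: result = eval(x)
STEPS = [prefer("result", "<eos>"), prefer(" =", "<eos>"), prefer(" ev", " int"),
         prefer("al", "x"), prefer("(", "<eos>"), prefer("x", "<eos>"),
         prefer(")", "<eos>"), prefer("<eos>", ")")]

def greedy_decode(mask):
    """Greedy decoding over STEPS with the policy applied at every step."""
    text = ""
    for logits in STEPS:
        adjusted = apply_policy(text, logits, mask)
        token = VOCAB[adjusted.index(max(adjusted))]
        if token == "<eos>":
            break
        text += token
    return text
```

With the hard rule enabled, the tokens ` ev` and `al` are still emitted, because the pattern only becomes complete at `(`; that is the token whose logit is set to negative infinity. A pattern split across several tokens therefore has to be matched against the decoded window, not against single token IDs.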
If you are deploying LLMs into production, a post-generation filter is not enough. Block at the token level with a hot-reloadable bitmask firewall.
Check the docs on resk.fr and star the repo on GitHub. Feedback and PRs welcome.
GitHub: https://github.com/Resk-Security/reskSecure
Web: https://resk.fr