{"slug": "bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token", "title": "Bitmask-Based LLM Security Firewall with reskSecure — Block Jailbreaks at Token Level", "summary": "ReskSecure introduces a bitmask-based security firewall that blocks prompt injection and jailbreak attempts at the logits level, before token sampling. The tool uses YAML-defined policies to detect forbidden patterns and either blocks or penalizes tokens, preventing disallowed tool calls. It integrates as a logits processor in Hugging Face's generate() function and supports multi-tenant deployments with per-request policy masks.", "body_md": "Links:\n\nMost prompt injection and jailbreak guards work by scanning output text after the model has already generated it. This is too late — the damage is done, the tool call was made, the sensitive data was exfiltrated.\n\nreskSecure takes a different approach: block at the logits level, before the model ever samples the first forbidden token.\n\nreskSecure uses a bitmask-based policy engine. Each policy entry defines a YAML rule with:\n\nWhen a matching pattern is detected in the current token window, reskSecure either blocks the token entirely or applies a penalty to its probability. The model can never generate disallowed tool call tokens.\n\n```\n# policies/block-pii.yaml\nversion: \"1.0\"\nrules:\n  - name: block-ssn\n    patterns: [\"SSN\", \"social security\", \"###-##-####\"]\n    severity: hard\n    response: \"This information cannot be shared for security reasons.\"\n\n  - name: bias-unsafe-code\n    patterns: [\"eval(\", \"exec(\", \"__import__\"]\n    severity: bias\n    bias_value: -5.0\n    response: \"This operation is restricted.\"\n```\n\nThen use it as middleware:\n\n``` python\nfrom resksecure import SecurityFirewall\n\nfirewall = SecurityFirewall(\n    policy_dir=\"./policies/\",\n    auto_reload=True\n)\n\n# Use as a logits processor\noutput = model.generate(\n    input_ids=prompt,\n    logits_processor=[firewall]\n)\npip install resksecure\n```\n\nMost LLM security products scan the output text after generation. reskSecure operates at the logits tensor level — it modifies the output probability distribution before token sampling. This means:\n\nThe bitmask approach extends naturally to multi-tenant deployments: each request gets its own capability mask, and the same firewall process enforces different policies per user context.\n\nIf you are deploying LLMs into production, a post-generation filter is not enough. Block at the token level with a hot-reloadable bitmask firewall.\n\nCheck the docs on resk.fr and star the repo on GitHub. Feedback and PRs welcome.\n\npip install resksecure\n\nGitHub: [https://github.com/Resk-Security/reskSecure](https://github.com/Resk-Security/reskSecure)\n\nWeb: [https://resk.fr](https://resk.fr)", "url": "https://wpnews.pro/news/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token", "canonical_source": "https://dev.to/resk/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token-level-2f4e", "published_at": "2026-06-30 08:05:57+00:00", "updated_at": "2026-06-30 08:18:53.063896+00:00", "lang": "en", "topics": ["large-language-models", "ai-safety", "developer-tools"], "entities": ["ReskSecure", "Resk Security", "Hugging Face"], "alternates": {"html": "https://wpnews.pro/news/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token", "markdown": "https://wpnews.pro/news/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token.md", "text": "https://wpnews.pro/news/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token.txt", "jsonld": "https://wpnews.pro/news/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token.jsonld"}}