# Bitmask-Based LLM Security Firewall with reskSecure — Block Jailbreaks at Token Level

> Source: <https://dev.to/resk/bitmask-based-llm-security-firewall-with-resksecure-block-jailbreaks-at-token-level-2f4e>
> Published: 2026-06-30 08:05:57+00:00

Links:

Most prompt injection and jailbreak guards work by scanning output text after the model has already generated it. This is too late — the damage is done, the tool call was made, the sensitive data was exfiltrated.

reskSecure takes a different approach: block at the logits level, before the model ever samples the first forbidden token.

reskSecure uses a bitmask-based policy engine. Each policy entry defines a YAML rule with:

When a matching pattern is detected in the current token window, reskSecure either blocks the token entirely or applies a penalty to its probability. The model can never generate disallowed tool call tokens.

```
# policies/block-pii.yaml
version: "1.0"
rules:
  - name: block-ssn
    patterns: ["SSN", "social security", "###-##-####"]
    severity: hard
    response: "This information cannot be shared for security reasons."

  - name: bias-unsafe-code
    patterns: ["eval(", "exec(", "__import__"]
    severity: bias
    bias_value: -5.0
    response: "This operation is restricted."
```

Then use it as middleware:

``` python
from resksecure import SecurityFirewall

firewall = SecurityFirewall(
    policy_dir="./policies/",
    auto_reload=True
)

# Use as a logits processor
output = model.generate(
    input_ids=prompt,
    logits_processor=[firewall]
)
pip install resksecure
```

Most LLM security products scan the output text after generation. reskSecure operates at the logits tensor level — it modifies the output probability distribution before token sampling. This means:

The bitmask approach extends naturally to multi-tenant deployments: each request gets its own capability mask, and the same firewall process enforces different policies per user context.

If you are deploying LLMs into production, a post-generation filter is not enough. Block at the token level with a hot-reloadable bitmask firewall.

Check the docs on resk.fr and star the repo on GitHub. Feedback and PRs welcome.

pip install resksecure

GitHub: [https://github.com/Resk-Security/reskSecure](https://github.com/Resk-Security/reskSecure)

Web: [https://resk.fr](https://resk.fr)