Bitmask-Based LLM Security Firewall with reskSecure — Block Jailbreaks at Token Level

ReskSecure introduces a bitmask-based security firewall that blocks prompt injection and jailbreak attempts at the logits level, before token sampling. The tool uses YAML-defined policies to detect forbidden patterns and either blocks or penalizes tokens, preventing disallowed tool calls. It integrates as a logits processor in Hugging Face's generate() function and supports multi-tenant deployments with per-request policy masks.

Links: Most prompt injection and jailbreak guards work by scanning output text after the model has already generated it. This is too late — the damage is done, the tool call was made, the sensitive data was exfiltrated. reskSecure takes a different approach: block at the logits level, before the model ever samples the first forbidden token. reskSecure uses a bitmask-based policy engine. Each policy entry defines a YAML rule with: When a matching pattern is detected in the current token window, reskSecure either blocks the token entirely or applies a penalty to its probability. The model can never generate disallowed tool call tokens. policies/block-pii.yaml version: "1.0" rules: - name: block-ssn patterns: "SSN", "social security", " - - " severity: hard response: "This information cannot be shared for security reasons." - name: bias-unsafe-code patterns: "eval ", "exec ", " import " severity: bias bias value: -5.0 response: "This operation is restricted." Then use it as middleware: python from resksecure import SecurityFirewall firewall = SecurityFirewall policy dir="./policies/", auto reload=True Use as a logits processor output = model.generate input ids=prompt, logits processor= firewall pip install resksecure Most LLM security products scan the output text after generation. reskSecure operates at the logits tensor level — it modifies the output probability distribution before token sampling. This means: The bitmask approach extends naturally to multi-tenant deployments: each request gets its own capability mask, and the same firewall process enforces different policies per user context. If you are deploying LLMs into production, a post-generation filter is not enough. Block at the token level with a hot-reloadable bitmask firewall. Check the docs on resk.fr and star the repo on GitHub. Feedback and PRs welcome. pip install resksecure GitHub: https://github.com/Resk-Security/reskSecure https://github.com/Resk-Security/reskSecure Web: https://resk.fr https://resk.fr