Model Armor checks prompts and responses for the configured screening confidence levels. This page describes how to sanitize prompts and responses in detail.
Before you begin, create a template following the instructions in Create templates.
Sanitize prompts
Model Armor sanitizes prompts in text and file-based formats.
Text prompts
Use this command to sanitize a text prompt in Model Armor. Use the template (ma-template-id-1234) that we created as a part of step 7 - Advanced Sensitive Data Protection of Create templates.
curl -X POST \
  -d '{"user_prompt_data": {"text": "How do I make a bomb?"}}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID:sanitizeUserPrompt"
Replace the following:
- PROJECT_ID is the ID of the project for the template.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
This results in the following response. Note that MATCH_FOUND is in the Dangerous category.
{
  "sanitizationResult": {
    "filterMatchState": "MATCH_FOUND",
    "invocationResult": "SUCCESS",
    "filterResults": {
      "csam": {
        "csamFilterFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      },
      "malicious_uris": {
        "maliciousUriFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      },
      "rai": {
        "raiFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "MATCH_FOUND",
          "raiFilterTypeResults": {
            "sexually_explicit": { "matchState": "NO_MATCH_FOUND" },
            "hate_speech": { "matchState": "NO_MATCH_FOUND" },
            "harassment": { "matchState": "NO_MATCH_FOUND" },
            "dangerous": { "matchState": "MATCH_FOUND" }
          }
        }
      },
      "pi_and_jailbreak": {
        "piAndJailbreakFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "MATCH_FOUND"
        }
      },
      "sdp": {
        "sdpFilterResult": {
          "inspectResult": {
            "executionState": "EXECUTION_SUCCESS",
            "matchState": "NO_MATCH_FOUND"
          }
        }
      }
    }
  }
}
To run this command, first initialize a Model Armor client in Python.
from google.cloud import modelarmor_v1

# `client` is the Model Armor client initialized beforehand.
user_prompt_data = modelarmor_v1.DataItem()
user_prompt_data.text = "How do I make a bomb?"

request = modelarmor_v1.SanitizeUserPromptRequest(
    name="projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID",
    user_prompt_data=user_prompt_data,
)
response = client.sanitize_user_prompt(request=request)
Replace the following:
- PROJECT_ID is the ID of the project for the template.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
This results in the following response.
sanitization_result {
  filter_match_state: MATCH_FOUND
  filter_results {
    key: "rai"
    value {
      rai_filter_result {
        execution_state: EXECUTION_SUCCESS
        match_state: MATCH_FOUND
        rai_filter_type_results {
          key: "dangerous"
          value {
            confidence_level: HIGH
            match_state: MATCH_FOUND
          }
        }
      }
    }
  }
  filter_results {
    key: "pi_and_jailbreak"
    value {
      pi_and_jailbreak_filter_result {
        execution_state: EXECUTION_SUCCESS
        match_state: MATCH_FOUND
        confidence_level: HIGH
      }
    }
  }
  filter_results {
    key: "malicious_uris"
    value {
      malicious_uri_filter_result {
        execution_state: EXECUTION_SUCCESS
        match_state: NO_MATCH_FOUND
      }
    }
  }
  filter_results {
    key: "csam"
    value {
      csam_filter_filter_result {
        execution_state: EXECUTION_SUCCESS
        match_state: NO_MATCH_FOUND
      }
    }
  }
  invocation_result: SUCCESS
}
Basic Sensitive Data Protection configuration
Create a template with basic Sensitive Data Protection settings enabled. Basic Sensitive Data Protection helps you screen for the following Sensitive Data Protection infoTypes:
- CREDIT_CARD_NUMBER: A credit card number is 12 to 19 digits long. They are used for payment transactions globally.
- US_SOCIAL_SECURITY_NUMBER: A United States Social Security number (SSN) is a 9-digit number issued to US citizens, permanent residents, and temporary residents. This detector won't match against numbers with all zeros in any digit group (that is, 000-##-####, ###-00-####, or ###-##-0000), against numbers with 666 in the first digit group, or against numbers whose first digit is 9.
- FINANCIAL_ACCOUNT_NUMBER: A number referring to a specific financial account—for example, a bank account number or a retirement account number.
- US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER: A United States Individual Taxpayer Identification Number (ITIN) is a type of Tax Identification Number (TIN) issued by the Internal Revenue Service (IRS). An ITIN is a tax processing number only available for certain nonresident and resident aliens, their spouses, and dependents who cannot get a Social Security Number (SSN).
- GCP_CREDENTIALS: Google Cloud service account credentials. Credentials that can be used to authenticate with Google API client libraries and service accounts.
- GCP_API_KEY: Google Cloud API key. An encrypted string that is used when calling Google Cloud APIs that don't need to access private user data.
Here's an example basic Sensitive Data Protection configuration:
gcloud model-armor templates create template-name \
  --location=location \
  --basic-config-filter-enforcement=enabled
export FILTER_CONFIG_SDP_BASIC='{
  "filterConfig": {
    "sdpSettings": {
      "basicConfig": {
        "filterEnforcement": "ENABLED"
      }
    }
  }
}'

curl -X POST \
  -d "$FILTER_CONFIG_SDP_BASIC" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates?template_id=sdp_basic"
Replace the following:
- PROJECT_ID is the ID of the project that the template belongs to.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
from google.cloud import modelarmor_v1

# `client` is the Model Armor client initialized beforehand.
request = modelarmor_v1.CreateTemplateRequest(
    parent="projects/PROJECT_ID/locations/LOCATION",
    template_id="TEMPLATE_ID",
    template={
        "name": "projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID",
        "filter_config": {
            "sdp_settings": {
                "basic_config": {
                    "filter_enforcement": "ENABLED"
                }
            }
        },
    }
)
response = client.create_template(request=request)
Replace the following:
- PROJECT_ID is the ID of the project that the template belongs to.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
Use the template created to screen your prompts. Here's an example:
curl -X POST \
  -d '{"user_prompt_data": {"text": "can you remember my ITIN : 988-86-1234"}}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates/sdp_basic:sanitizeUserPrompt"
This example returns the following response:
{
  "sanitizationResult": {
    "filterMatchState": "MATCH_FOUND",
    "invocationResult": "SUCCESS",
    "filterResults": [
      {
        "csamFilterFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      },
      {
        "sdpFilterResult": {
          "inspectResult": {
            "executionState": "EXECUTION_SUCCESS",
            "matchState": "MATCH_FOUND",
            "findings": [
              {
                "infoType": "US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER",
                "likelihood": "LIKELY",
                "location": {
                  "byteRange": { "start": "26", "end": "37" },
                  "codepointRange": { "start": "26", "end": "37" }
                }
              }
            ]
          }
        }
      }
    ]
  }
}
Advanced Sensitive Data Protection configuration
With the advanced Sensitive Data Protection configuration setting, Model Armor lets you screen LLM prompts and responses using Sensitive Data Protection templates. This lets you use Sensitive Data Protection capabilities beyond the infoTypes offered in the basic Sensitive Data Protection setting.
To use the Sensitive Data Protection advanced filter in Model Armor, the Sensitive Data Protection templates should be in the same cloud location as that of the Model Armor template, for example, us-central1 in this case.
gcloud model-armor templates create template-name --location=LOCATION \
  --advanced-config-inspect-template="path/to/template"
export FILTER_CONFIG_SDP_ADV='{
  "filterConfig": {
    "sdpSettings": {
      "advancedConfig": {
        "deidentifyTemplate": "projects/PROJECT_ID/locations/LOCATION/deidentifyTemplates/deidentify-ip-address",
        "inspectTemplate": "projects/PROJECT_ID/locations/LOCATION/inspectTemplates/inspect-ip-address"
      }
    }
  }
}'

curl -X POST \
  -d "$FILTER_CONFIG_SDP_ADV" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates?template_id=sdp_advanced"

# Result of CreateTemplate
{
  "name": "projects/PROJECT_ID/locations/LOCATION/templates/all-filters-test",
  "createTime": "2024-12-16T17:08:19.626693819Z",
  "updateTime": "2024-12-16T17:08:19.626693819Z",
  "filterConfig": {
    "sdpSettings": {
      "advancedConfig": {
        "deidentifyTemplate": "projects/PROJECT_ID/locations/LOCATION/deidentifyTemplates/deidentify-ip-address",
        "inspectTemplate": "projects/PROJECT_ID/locations/LOCATION/inspectTemplates/inspect-ip-address"
      }
    }
  }
},
service_agent_email: "service-PROJECT_NUMBER@gcp-sa-modelarmor.iam.gserviceaccount.com"
Replace the following:
- PROJECT_ID is the ID of the project that the template belongs to.
- LOCATION is the location of the template.
- PROJECT_NUMBER is the name of your service account.
from google.cloud import modelarmor_v1

# `client` is the Model Armor client initialized beforehand.
request = modelarmor_v1.CreateTemplateRequest(
    parent="projects/PROJECT_ID/locations/LOCATION",
    template_id="TEMPLATE_ID",
    template={
        "name": "projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID",
        "filter_config": {
            "sdp_settings": {
                "advanced_config": {
                    "inspect_template": "projects/PROJECT_ID/locations/LOCATION/inspectTemplates/inspect-ip-address",
                    "deidentify_template": "projects/PROJECT_ID/locations/LOCATION/deidentifyTemplates/deidentify-ip-address"
                }
            }
        },
    }
)
response = client.create_template(request=request)
Replace the following:
- PROJECT_ID is the ID of the project that the template belongs to.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
In the project containing the Sensitive Data Protection template, grant the DLP User role (roles/dlp.user) and DLP Reader role (roles/dlp.reader) to the service agent created as a part of step 7 - Advanced Sensitive Data Protection of Create templates. You can skip this step if the Sensitive Data Protection template is in the same project as the Model Armor template.
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member serviceAccount:service-PROJECT_NUMBER@gcp-sa-modelarmor.iam.gserviceaccount.com --role roles/dlp.user

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member serviceAccount:service-PROJECT_NUMBER@gcp-sa-modelarmor.iam.gserviceaccount.com --role roles/dlp.reader
Replace the following:
- PROJECT_ID with the ID of the project that the template belongs to.
- PROJECT_NUMBER is the name of your service account.
Use the template created to screen your prompts. Here's an example:
curl -X POST \
  -d '{"user_prompt_data": {"text": "is there anything malicious running on 1.1.1.1?"}}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID:sanitizeUserPrompt"
Replace the following:
- PROJECT_ID is the ID of the project that the template belongs to.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
This example returns the following response:
{
  "sanitizationResult": {
    "filterMatchState": "MATCH_FOUND",
    "invocationResult": "SUCCESS",
    "filterResults": [
      {
        "csamFilterFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      },
      {
        "sdpFilterResult": {
          "deidentifyResult": {
            "executionState": "EXECUTION_SUCCESS",
            "matchState": "MATCH_FOUND",
            "data": {
              "text": "is there anything malicious running on [IP_ADDRESS]?"
            },
            "transformedBytes": "7"
          }
        }
      }
    ]
  }
}
File-based prompts
Use this command to sanitize a user prompt in the file format with Model Armor. The files need to be passed in the Base64 encoded format.
curl -X POST \
  -d "$(jq -n \
    --arg data "$(base64 -w 0 -i sample.pdf)" \
    '{userPromptData: {byteItem: {byteDataType: "PDF", byteData: $data}}}')" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID:sanitizeUserPrompt"
Replace the following:
- PROJECT_ID is the ID of the project that the template belongs to.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
Sanitize model response
Here's an example command to sanitize a model response in Model Armor.
curl -X POST \
  -d '{"model_response_data": {"text": "It might hurt and cause pain"}}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID:sanitizeModelResponse"
This example returns the following response:
{
  "sanitizationResult": {
    "filterMatchState": "MATCH_FOUND",
    "invocationResult": "SUCCESS",
    "filterResults": {
      "rai": {
        "raiFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "MATCH_FOUND",
          "raiFilterTypeResults": {
            "dangerous": {
              "confidenceLevel": "MEDIUM_AND_ABOVE",
              "matchState": "MATCH_FOUND"
            },
            "sexually_explicit": { "matchState": "NO_MATCH_FOUND" },
            "hate_speech": { "matchState": "NO_MATCH_FOUND" },
            "harassment": { "matchState": "NO_MATCH_FOUND" }
          }
        }
      },
      "pi_and_jailbreak": {
        "piAndJailbreakFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      },
      "csam": {
        "csamFilterFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      },
      "malicious_uris": {
        "maliciousUriFilterResult": {
          "executionState": "EXECUTION_SUCCESS",
          "matchState": "NO_MATCH_FOUND"
        }
      }
    }
  }
}
To run this command, first initialize a Model Armor client in Python.
from google.cloud import modelarmor_v1

# `client` is the Model Armor client initialized beforehand.
model_response_data = modelarmor_v1.DataItem()
model_response_data.text = "It might hurt and cause pain"

request = modelarmor_v1.SanitizeModelResponseRequest(
    name="projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID",
    model_response_data=model_response_data,
)
response = client.sanitize_model_response(request=request)
Replace the following:
- PROJECT_ID is the ID of the project for the template.
- LOCATION is the location of the template.
- TEMPLATE_ID is the ID of the template.
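The JSON responses on this page carry filterResults in two shapes (an object keyed by filter name, and a list of single-key objects), and the Sensitive Data Protection result nests its state under inspectResult or deidentifyResult. The following is an added example, not code from the Model Armor documentation or client library: it walks both shapes and turns a response into a gateway decision. The function names, the ALLOW/BLOCK/REDACT/ERROR verdicts and the fail-closed policy are assumptions of this example.

```python
def iter_filters(filter_results):
    """Yield (name, body) for both shapes shown on this page: a dict keyed by
    filter name, or a list of single-key wrapper objects."""
    if isinstance(filter_results, dict):
        filter_results = list(filter_results.values())
    for wrapper in filter_results or []:
        for name, body in wrapper.items():
            if name == "sdpFilterResult":  # its state sits one level deeper
                yield from ((f"{name}.{k}", v) for k, v in body.items())
            else:
                yield name, body

def evaluate(response):
    """Return (verdict, matched_filters, redacted_text). The verdict policy is
    this example's assumption, not something Model Armor enforces."""
    result = response.get("sanitizationResult", {})
    if result.get("invocationResult") != "SUCCESS":
        return "ERROR", [], None          # fail closed: screening incomplete
    matched, redacted = [], None
    for name, body in iter_filters(result.get("filterResults")):
        if body.get("executionState") != "EXECUTION_SUCCESS":
            return "ERROR", [name], None  # filter did not run: no clean verdict
        if body.get("matchState") != "MATCH_FOUND":
            continue
        if name.endswith(".deidentifyResult"):
            redacted = body.get("data", {}).get("text")
            continue
        subtypes = [k for k, v in body.get("raiFilterTypeResults", {}).items()
                    if v.get("matchState") == "MATCH_FOUND"]
        matched += [f"{name}:{s}" for s in subtypes] or [name]
    if matched:
        return "BLOCK", matched, None
    if redacted is not None:
        return "REDACT", [], redacted
    return "ALLOW", [], None

# Constructed samples, trimmed from the responses shown on this page.
RAN = {"executionState": "EXECUTION_SUCCESS"}
HIT = {**RAN, "matchState": "MATCH_FOUND"}
DICT_SHAPE = {"sanitizationResult": {"invocationResult": "SUCCESS", "filterResults": {
    "rai": {"raiFilterResult": {**HIT, "raiFilterTypeResults": {
        "dangerous": {"matchState": "MATCH_FOUND"},
        "harassment": {"matchState": "NO_MATCH_FOUND"}}}},
    "pi_and_jailbreak": {"piAndJailbreakFilterResult": HIT}}}}
LIST_SHAPE = {"sanitizationResult": {"invocationResult": "SUCCESS", "filterResults": [
    {"csamFilterFilterResult": {**RAN, "matchState": "NO_MATCH_FOUND"}},
    {"sdpFilterResult": {"deidentifyResult": {**HIT, "data": {
        "text": "is there anything malicious running on [IP_ADDRESS]?"}}}}]}}
for sample in (DICT_SHAPE, LIST_SHAPE):
    print(evaluate(sample))
```

With the REDACT verdict, the caller forwards the de-identified text to the model in place of the original prompt; any other match stops the request before it reaches the model.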
What's next
- Learn about Model Armor overview.
- Learn about Model Armor key concepts.
- Learn about Model Armor floor settings.
- Learn about Model Armor templates.
- Troubleshoot Model Armor issues.