Hugging Face's logo

SecureLLMSys
/
AgentWatcher-Qwen3-4B-Instruct-2507

Text Generation
PEFT
Safetensors
Transformers
lora
prompt-injection-detection
security
conversational
Model card Files
xet
 Community
1
AgentWatcher-Qwen3-4B-Instruct-2507 / README.md
SecureLLMSys's picture
SecureLLMSys
Improve model card (#1)
5d19a2f
preview code
|
raw
history blame contribute delete
2.65 kB
metadata 
base_model: Qwen/Qwen3-4B-Instruct-2507
library_name: peft
pipeline_tag: text-generation
license: apache-2.0
tags:
  - base_model:adapter:Qwen/Qwen3-4B-Instruct-2507
  - lora
  - transformers
  - prompt-injection-detection
  - security

AgentWatcher-Qwen3-4B-Instruct-2507

AgentWatcher is a detection-based defense against indirect prompt injection in LLM agents. This repository contains the trained monitor LLM, which is a LoRA adapter (PEFT) fine-tuned on top of Qwen/Qwen3-4B-Instruct-2507.

Description

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. AgentWatcher addresses existing limitations in detection by:

  1. Causal Context Attribution: It attributes the LLM's output to a small set of causally influential context segments. By focusing on short, relevant text, it remains scalable even with long contexts.
  2. Rule-based Reasoning: It utilizes explicit rules to define prompt injection. The monitor LLM reasons over these rules based on the attributed text, making detection decisions more explainable and interpretable than black-box methods.

How to Get Started with the Model

You can load this adapter using the peft and transformers libraries:

from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel
import torch

base_model_id = "Qwen/Qwen3-4B-Instruct-2507"
adapter_id = "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507"

# Load base model
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.bfloat16,
    device_map="auto"
)

# Load the AgentWatcher adapter
model = PeftModel.from_pretrained(base_model, adapter_id)
tokenizer = AutoTokenizer.from_pretrained(base_model_id)

# Example: Prepare a prompt for the monitor LLM to evaluate a context segment
prompt = "..." 
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)

with torch.no_grad():
    outputs = model.generate(**inputs, max_new_tokens=256)
    print(tokenizer.decode(outputs[0], skip_special_tokens=True))

Citation

If you use AgentWatcher in your research, please cite the following paper:

@article{wang2026agentwatcher,
  title={AgentWatcher: A Rule-based Prompt Injection Monitor},
  author={Wang, Yanting and others},
  journal={arXiv preprint arXiv:2604.01194},
  year={2026}
}