Table of Contents
Fetching ...

Sentra-Guard: A Multilingual Human-AI Framework for Real-Time Defense Against Adversarial LLM Jailbreaks

Md. Mehedi Hasan, Ziaur Rahman, Rafid Mostafiz, Md. Abir Hossain

TL;DR

Sentra-Guard addresses the real-world threat of jailbreaks and prompt injections in LLMs by presenting a real-time, modular defense that fuses multilingual translation, semantic retrieval via SBERT-FAISS, a fine-tuned transformer classifier, and zero-shot entailment with a HITL feedback loop. Its risk aggregation combines signals from multiple modalities, enabling robust detection across 100+ languages with a latency of about 47 ms. Empirical results show near-perfect detection (ASR ≈ 0.004%) and flawless precision-recall behavior on HarmBench-28K, outperforming baselines and demonstrating strong cross-language generalization. The framework's backend-agnostic design and HITL adaptation confer practical viability for enterprise deployments, with future work aimed at generation-time monitoring and multimodal defenses to further harden LLM ecosystems.

Abstract

This paper presents a real-time modular defense system named Sentra-Guard. The system detects and mitigates jailbreak and prompt injection attacks targeting large language models (LLMs). The framework uses a hybrid architecture with FAISS-indexed SBERT embedding representations that capture the semantic meaning of prompts, combined with fine-tuned transformer classifiers, which are machine learning models specialized for distinguishing between benign and adversarial language inputs. It identifies adversarial prompts in both direct and obfuscated attack vectors. A core innovation is the classifier-retriever fusion module, which dynamically computes context-aware risk scores that estimate how likely a prompt is to be adversarial based on its content and context. The framework ensures multilingual resilience with a language-agnostic preprocessing layer. This component automatically translates non-English prompts into English for semantic evaluation, enabling consistent detection across over 100 languages. The system includes a HITL feedback loop, where decisions made by the automated system are reviewed by human experts for continual learning and rapid adaptation under adversarial pressure. Sentra-Guard maintains an evolving dual-labeled knowledge base of benign and malicious prompts, enhancing detection reliability and reducing false positives. Evaluation results show a 99.96% detection rate (AUC = 1.00, F1 = 1.00) and an attack success rate (ASR) of only 0.004%. This outperforms leading baselines such as LlamaGuard-2 (1.3%) and OpenAI Moderation (3.7%). Unlike black-box approaches, Sentra-Guard is transparent, fine-tunable, and compatible with diverse LLM backends. Its modular design supports scalable deployment in both commercial and open-source environments. The system establishes a new state-of-the-art in adversarial LLM defense.

Sentra-Guard: A Multilingual Human-AI Framework for Real-Time Defense Against Adversarial LLM Jailbreaks

TL;DR

Sentra-Guard addresses the real-world threat of jailbreaks and prompt injections in LLMs by presenting a real-time, modular defense that fuses multilingual translation, semantic retrieval via SBERT-FAISS, a fine-tuned transformer classifier, and zero-shot entailment with a HITL feedback loop. Its risk aggregation combines signals from multiple modalities, enabling robust detection across 100+ languages with a latency of about 47 ms. Empirical results show near-perfect detection (ASR ≈ 0.004%) and flawless precision-recall behavior on HarmBench-28K, outperforming baselines and demonstrating strong cross-language generalization. The framework's backend-agnostic design and HITL adaptation confer practical viability for enterprise deployments, with future work aimed at generation-time monitoring and multimodal defenses to further harden LLM ecosystems.

Abstract

This paper presents a real-time modular defense system named Sentra-Guard. The system detects and mitigates jailbreak and prompt injection attacks targeting large language models (LLMs). The framework uses a hybrid architecture with FAISS-indexed SBERT embedding representations that capture the semantic meaning of prompts, combined with fine-tuned transformer classifiers, which are machine learning models specialized for distinguishing between benign and adversarial language inputs. It identifies adversarial prompts in both direct and obfuscated attack vectors. A core innovation is the classifier-retriever fusion module, which dynamically computes context-aware risk scores that estimate how likely a prompt is to be adversarial based on its content and context. The framework ensures multilingual resilience with a language-agnostic preprocessing layer. This component automatically translates non-English prompts into English for semantic evaluation, enabling consistent detection across over 100 languages. The system includes a HITL feedback loop, where decisions made by the automated system are reviewed by human experts for continual learning and rapid adaptation under adversarial pressure. Sentra-Guard maintains an evolving dual-labeled knowledge base of benign and malicious prompts, enhancing detection reliability and reducing false positives. Evaluation results show a 99.96% detection rate (AUC = 1.00, F1 = 1.00) and an attack success rate (ASR) of only 0.004%. This outperforms leading baselines such as LlamaGuard-2 (1.3%) and OpenAI Moderation (3.7%). Unlike black-box approaches, Sentra-Guard is transparent, fine-tunable, and compatible with diverse LLM backends. Its modular design supports scalable deployment in both commercial and open-source environments. The system establishes a new state-of-the-art in adversarial LLM defense.
Paper Structure (8 sections, 6 equations, 5 figures, 6 tables, 1 algorithm)

This paper contains 8 sections, 6 equations, 5 figures, 6 tables, 1 algorithm.

Figures (5)

  • Figure 1: Example of a narrative-based jailbreak prompt targeting financial credentials. The simulated LLM response demonstrates a policy-violating continuation under fictional framing.
  • Figure 2: Sentra-Guard Architecture Overview: The framework translates non-English prompts to English for normalization, then concurrently processes input through semantic retrieval, a fine-tuned classifier, and a zero-shot entailment model. A decision fusion aggregator combines outputs, with uncertain cases escalated to a human-in-the-loop module for adaptive updating.
  • Figure 3: ROC Curve for Sentra-Guard (AUC = 1.00): The ROC curve demonstrates perfect separation between harmful and benign prompts with no decision boundary overlap, outperforming OpenAI Moderation (0.987) and Vigil (0.992) on HarmBench-28K.
  • Figure 4: Precision-Recall Curve of Sentra-Guard (F1 = 1.00): The curve shows complete balance across all recall levels, sustaining 100% precision and surpassing ISO 14971:2019 safety thresholds for critical systems.
  • Figure 5: Confusion Matrix of Sentra-Guard: Of 24,145 prompts, 24,144 were detected correctly. One Unicode-based false negative and seven false positives yield a 0.004% ASR and 99.996% detection rate, confirming real-time robustness and HITL-driven adaptability.