Table of Contents
Fetching ...

Introducing the Generative Application Firewall (GAF)

Joan Vendrell Farreny, Martí Jordà Roca, Miquel Cornudella Gaya, Rodrigo Fernández Baón, Víctor García Martínez, Eduard Camacho Sucarrats, Alessandro Pignati

TL;DR

The paper addresses the security challenges of deploying LLM-based applications by proposing the Generative Application Firewall (GAF) as a unified security layer. It argues that existing defenses are fragmented and insufficient to counter semantic, context-dependent, and multi-turn threats, and it extends the OSI model with a Semantic Layer (L8) to enable holistic, context-aware enforcement across layers. The authors detail a five-layer architecture (Network, Access, Syntactic, Semantic, Context), deployment options (inline proxy, AI gateway, sidecar), a four-phase real-time enforcement loop, and a 5-star rating system to benchmark maturity and guide adoption. Governance mappings to standards like NIST AI RMF and ISO AI are discussed to ensure auditability and compliance. Collectively, the work presents a structured, scalable framework to standardize and operationalize safety in GenAI deployments, with practical implications for industry adoption and risk management.

Abstract

This paper introduces the Generative Application Firewall (GAF), a new architectural layer for securing LLM applications. Existing defenses -- prompt filters, guardrails, and data-masking -- remain fragmented; GAF unifies them into a single enforcement point, much like a WAF coordinates defenses for web traffic, while also covering autonomous agents and their tool interactions.

Introducing the Generative Application Firewall (GAF)

TL;DR

The paper addresses the security challenges of deploying LLM-based applications by proposing the Generative Application Firewall (GAF) as a unified security layer. It argues that existing defenses are fragmented and insufficient to counter semantic, context-dependent, and multi-turn threats, and it extends the OSI model with a Semantic Layer (L8) to enable holistic, context-aware enforcement across layers. The authors detail a five-layer architecture (Network, Access, Syntactic, Semantic, Context), deployment options (inline proxy, AI gateway, sidecar), a four-phase real-time enforcement loop, and a 5-star rating system to benchmark maturity and guide adoption. Governance mappings to standards like NIST AI RMF and ISO AI are discussed to ensure auditability and compliance. Collectively, the work presents a structured, scalable framework to standardize and operationalize safety in GenAI deployments, with practical implications for industry adoption and risk management.

Abstract

This paper introduces the Generative Application Firewall (GAF), a new architectural layer for securing LLM applications. Existing defenses -- prompt filters, guardrails, and data-masking -- remain fragmented; GAF unifies them into a single enforcement point, much like a WAF coordinates defenses for web traffic, while also covering autonomous agents and their tool interactions.
Paper Structure (15 sections, 2 figures, 3 tables)

This paper contains 15 sections, 2 figures, 3 tables.

Figures (2)

  • Figure 1: GAF as centralized enforcement across Network, Access, Syntactic, Semantic, and Context layers.
  • Figure 2: The context layer is the most difficult part in defining a proper GAF architecture