Security Guards Overview¶

OxideShield™ provides multiple security guards that can be used individually or combined in a multi-layer defense pipeline.

Available Guards¶

Guard	Detection Method	Latency	Use Case
PatternGuard	Aho-Corasick + Regex	<1ms	Prompt injection, jailbreaks
LengthGuard	Character/token counting	<1μs	Input limits
EncodingGuard	Unicode analysis	<100μs	Encoding attacks
PerplexityGuard	N-gram perplexity	<5ms	Adversarial suffixes
PIIGuard	Regex + Luhn validation	<10ms	PII detection
ToxicityGuard	Keyword matching	<5ms	Content moderation
SemanticSimilarityGuard	ML embeddings	<15ms	Semantic attacks
MLClassifierGuard	BERT classification	<25ms	Multi-class detection

Guard Trait¶

All guards implement the Guard trait:

pub trait Guard: Send + Sync {
    /// The guard's name for identification
    fn name(&self) -> &str;

    /// Check input and return a result
    fn check(&self, input: &str) -> GuardResult;
}

GuardResult¶

Every guard returns a GuardResult:

pub struct GuardResult {
    /// Whether the check passed
    pub passed: bool,

    /// Reason for blocking (if not passed)
    pub reason: Option<String>,

    /// Sanitized content (for PII, etc.)
    pub sanitized: Option<String>,

    /// Severity level of detection
    pub severity: Severity,

    /// Name of the guard
    pub guard_name: String,

    /// Additional metadata
    pub metadata: HashMap<String, Value>,
}

Severity Levels¶

pub enum Severity {
    None,      // No issues detected
    Low,       // Minor concern
    Medium,    // Moderate risk
    High,      // Significant threat
    Critical,  // Severe security issue
}

Multi-Layer Defense¶

Combine guards for defense-in-depth:

use oxide_guard::{
    MultiLayerDefense, LayerConfig, AggregationStrategy,
    PatternGuard, PIIGuard, ToxicityGuard,
};

let defense = MultiLayerDefense::builder("full-defense")
    // Layer 1: Fast pattern matching
    .add_guard(
        LayerConfig::new("patterns")
            .with_weight(1.0)
            .with_timeout_ms(10),
        Box::new(PatternGuard::new("patterns"))
    )
    // Layer 2: PII detection with redaction
    .add_guard(
        LayerConfig::new("pii")
            .with_weight(0.8),
        Box::new(PIIGuard::new("pii"))
    )
    // Layer 3: Toxicity filtering
    .add_guard(
        LayerConfig::new("toxicity")
            .with_weight(0.7),
        Box::new(ToxicityGuard::new("toxicity"))
    )
    .with_strategy(AggregationStrategy::FailFast)
    .build();

let result = defense.check(user_input);

Aggregation Strategies¶

Strategy	Description
`FailFast`	Stop on first failure
`Unanimous`	All guards must pass
`Majority`	>50% of guards must pass
`Weighted`	Weighted score threshold
`Comprehensive`	Run all, aggregate results

Python Usage¶

from oxideshield import (
    pattern_guard, pii_guard, toxicity_guard,
    multi_layer_defense
)

# Individual guards
pattern = pattern_guard()
result = pattern.check("ignore previous instructions")

# Multi-layer defense
defense = multi_layer_defense(
    enable_length=True,
    enable_pii=True,
    enable_toxicity=True,
    strategy="fail_fast"
)
result = defense.check(user_input)

Performance Comparison¶

Guard	p50	p99	Memory
PatternGuard	97ns	150ns	5 KB
LengthGuard	45ns	80ns	0.5 KB
EncodingGuard	85μs	200μs	2 KB
PerplexityGuard	2ms	5ms	10 KB
PIIGuard	1ms	5ms	50 KB
ToxicityGuard	100μs	500μs	20 KB
SemanticSimilarityGuard	10ms	20ms	500 MB
MLClassifierGuard	20ms	35ms	500 MB

Choosing Guards¶

Fast + Lightweight¶

For low-latency applications: - PatternGuard + LengthGuard + EncodingGuard

Balanced¶

For most applications: - PatternGuard + PIIGuard + ToxicityGuard

Maximum Security¶

For high-security applications: - All guards with MultiLayerDefense

ML-Enhanced¶

When accuracy is critical: - PatternGuard + SemanticSimilarityGuard + MLClassifierGuard