Show HN: Improving Prompt Injection Detection with Weighted Ensembles (github.com)

PromptForest, a novel ensemble-based prompt injection detection system, has been designed to enhance security in high-throughput production environments by effectively mitigating vulnerabilities associated with large language models (LLMs). Unlike traditional defenses that often rely on single, large models, PromptForest leverages a combination of lightweight expert models—including Meta's Llama Prompt Guard, Vijil Dome, and a custom XGBoost model—aggregating their predictions through a discrepancy-weighted voting mechanism. This innovative approach significantly reduces latency and enhances calibration, leading to safer outcomes when models make mistakes. The significance of PromptForest lies in its ability to maintain high accuracy while achieving over 60% fewer parameters than leading models, resulting in a lower Expected Calibration Error (ECE) and better confidence scores on incorrect predictions. Its mean latency of approximately 141 ms stands in stark contrast to the 430 ms of its closest competitor, Qualifire Sentinel v2, making it well-suited for real-world applications. Although it doesn't achieve the same raw accuracy as Sentinel, the decreased confidence in errors makes PromptForest an ideal candidate for "Human-in-the-Loop" systems, ultimately fostering a safer integration of AI in critical decision-making processes.