Bedrock Guardrails
LiteLLM supports Bedrock guardrails via the Bedrock ApplyGuardrail API.
Quick Start
1. Define guardrails in your LiteLLM config.yaml
Define your guardrails under the guardrails section
model_list:
  - model_name: gpt-3.5-turbo
    litellm_params:
      model: openai/gpt-3.5-turbo
      api_key: os.environ/OPENAI_API_KEY

guardrails:
  - guardrail_name: "bedrock-pre-guard"
    litellm_params:
      guardrail: bedrock  # supported values: "aporia", "bedrock", "lakera"
      mode: "during_call"
      guardrailIdentifier: ff6ujrregl1q  # your guardrail ID on bedrock
      guardrailVersion: "DRAFT"  # your guardrail version on bedrock
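Supported values for mode
- pre_call: runs before the LLM call, on the input
- post_call: runs after the LLM call, on the input and output
- during_call: runs during the LLM call, on the input. Same as pre_call, but runs in parallel with the LLM call. The response is not returned until the guardrail check completes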
2. Start LiteLLM Gateway
litellm --config config.yaml --detailed_debug
3. Test request
- Unsuccessful call
- Successful call
Expect this call to fail because ishaan@berri.ai in the request is PII
curl -i http://localhost:4000/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-npnwjPQciVRok5yNZgKmFQ" \
  -d '{
    "model": "gpt-3.5-turbo",
    "messages": [
      {"role": "user", "content": "hi my email is ishaan@berri.ai"}
    ],
    "guardrails": ["bedrock-pre-guard"]
  }'
Expected response on failure
{
  "error": {
    "message": {
      "error": "Violated guardrail policy",
      "bedrock_guardrail_response": {
        "action": "GUARDRAIL_INTERVENED",
        "assessments": [
          {
            "topicPolicy": {
              "topics": [
                {
                  "action": "BLOCKED",
                  "name": "Coffee",
                  "type": "DENY"
                }
              ]
            }
          }
        ],
        "blockedResponse": "Sorry, the model cannot answer this question. coffee guardrail applied ",
        "output": [
          {
            "text": "Sorry, the model cannot answer this question. coffee guardrail applied "
          }
        ],
        "outputs": [
          {
            "text": "Sorry, the model cannot answer this question. coffee guardrail applied "
          }
        ],
        "usage": {
          "contentPolicyUnits": 0,
          "contextualGroundingPolicyUnits": 0,
          "sensitiveInformationPolicyFreeUnits": 0,
          "sensitiveInformationPolicyUnits": 0,
          "topicPolicyUnits": 1,
          "wordPolicyUnits": 0
        }
      }
    },
    "type": "None",
    "param": "None",
    "code": "400"
  }
}
Successful call
curl -i http://localhost:4000/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-npnwjPQciVRok5yNZgKmFQ" \
  -d '{
    "model": "gpt-3.5-turbo",
    "messages": [
      {"role": "user", "content": "hi what is the weather"}
    ],
    "guardrails": ["bedrock-pre-guard"]
  }'
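An added example (not from the LiteLLM docs or code base): a Python helper that reduces the failure body shown above to the policy, item and action that triggered, so a client or log pipeline can record why a request was blocked without storing the prompt or the blocked text. The function name and summary shape are illustrative, and the generic walk over policies other than topicPolicy assumes they use the same policy -> list -> item-with-action layout.

```python
import json

# Constructed sample: the failure body shown above, with the usage counters
# and the duplicated output/outputs text trimmed.
SAMPLE_ERROR_BODY = {"error": {"message": {
    "error": "Violated guardrail policy",
    "bedrock_guardrail_response": {
        "action": "GUARDRAIL_INTERVENED",
        "assessments": [{"topicPolicy": {"topics": [
            {"action": "BLOCKED", "name": "Coffee", "type": "DENY"}]}}],
        "blockedResponse": "Sorry, the model cannot answer this question. coffee guardrail applied ",
    }}, "type": "None", "param": "None", "code": "400"}}


def summarize_guardrail_error(body):
    """Return {'action', 'findings'} for a guardrail block, or None when the
    error body carries no bedrock_guardrail_response (some other error)."""
    error = body.get("error") if isinstance(body, dict) else None
    message = error.get("message") if isinstance(error, dict) else None
    if isinstance(message, str):  # assumption: tolerate a JSON-encoded message
        try:
            message = json.loads(message)
        except ValueError:
            return None
    response = message.get("bedrock_guardrail_response") if isinstance(message, dict) else None
    if not isinstance(response, dict):
        return None

    findings = []
    for assessment in response.get("assessments") or []:
        if not isinstance(assessment, dict):
            continue
        # Walk every policy generically, e.g. topicPolicy -> topics -> [items].
        for policy, groups in assessment.items():
            if not isinstance(groups, dict):
                continue
            for group, items in groups.items():
                if not isinstance(items, list):
                    continue
                for item in items:
                    if isinstance(item, dict) and "action" in item:
                        # Copy labels only, never matched or blocked text.
                        findings.append(
                            {"policy": policy, "group": group, "action": item["action"],
                             "name": item.get("name"), "type": item.get("type")})
    return {"action": response.get("action"), "findings": findings}
```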
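PII Masking with Bedrock Guardrails
Bedrock guardrails support PII detection and masking. To enable this feature, you need to:
- Set mode to pre_call so that the guardrail check runs before the LLM call
- Enable masking by setting mask_request_content and/or mask_response_content to true
Here is how to configure it in your config.yaml: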
litellm proxy config.yaml
model_list:
  - model_name: gpt-3.5-turbo
    litellm_params:
      model: openai/gpt-3.5-turbo
      api_key: os.environ/OPENAI_API_KEY

guardrails:
  - guardrail_name: "bedrock-pre-guard"
    litellm_params:
      guardrail: bedrock
      mode: "pre_call"  # Important: must use pre_call mode for masking
      guardrailIdentifier: wf0hkdb5x07f
      guardrailVersion: "DRAFT"
      mask_request_content: true  # Enable masking in user requests
      mask_response_content: true  # Enable masking in model responses
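With this configuration, when the Bedrock guardrail intervenes, LiteLLM reads the masked output from the guardrail and sends it to the model.
Usage example
When enabled, PII is automatically masked in the text. For example, if a user sends: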
My email is john.doe@example.com and my phone number is 555-123-4567
The text sent to the model may be masked as:
My email is [EMAIL] and my phone number is [PHONE_NUMBER]
This helps protect sensitive information while still allowing the model to understand the context of the request.