Prompt Guard Models by AI at Meta
About
Prompt Guard is a specialized text classification model created by Meta, focusing on the detection of malicious prompts, such as jailbreaks and prompt injections. Leveraging the mDeBERTa-v3-base transformer architecture, this lightweight model categorizes inputs into three distinct classes: benign, injection, and jailbreak. Its design ensures compatibility with a variety of large language models (LLMs) without requiring specific prompt structures. With a compact size of 86 million parameters, Prompt Guard integrates seamlessly into diverse applications. While it excels at identifying common attacks, it may need fine-tuning with application-specific data to improve its resilience against adaptive attacks 346.
Current Variants
Use-when guidance is derived from seed capabilities, context, release, and replacement fields.
Use when the workload needs safety, 512 context, and 22M parameters.
Use when the workload needs safety, 512 context, and 86M parameters.
Use when the workload needs safety, 512 context, and 279M parameters.
| Model | Use when | Released | Signals | Status |
|---|---|---|---|---|
| Llama Prompt Guard 2 22M | Use when the workload needs safety, 512 context, and 22M parameters. | 2025-04 | safety512 context22M parameters | Current |
| Llama Prompt Guard 2 86M | Use when the workload needs safety, 512 context, and 86M parameters. | 2025-04 | safety512 context86M parameters | Current |
| Prompt Guard 86M | Use when the workload needs safety, 512 context, and 279M parameters. | 2024-07 | safety512 context279M parameters | Current |
Release Timeline
2 release groupsSpecifications(3 models)
| Model | Released | Context | Parameters | Structured Outputs |
|---|---|---|---|---|
| Llama Prompt Guard 2 22M | 2025-04 | 512 | 22M | Yes |
| Llama Prompt Guard 2 86M | 2025-04 | 512 | 86M | Yes |
| Prompt Guard 86M | 2024-07 | 512 | 279M | No |
Available From(2 providers)
Pricing
| Model | Provider | Input / 1M | Output / 1M | Type |
|---|---|---|---|---|
| Llama Prompt Guard 2 22M | GroqCloud | $0.03 | $0.03 | Serverless |
| Llama Prompt Guard 2 86M | GroqCloud | $0.04 | $0.04 | Serverless |
| Prompt Guard 86M | Microsoft Foundry | $0.05 | $0.05 | Provisioned |
Frequently Asked Questions
- What is Prompt Guard used for?
- Prompt Guard is used for safety and structured outputs. The family description and listed model capabilities point to those workloads as the best fit.
- How does Prompt Guard compare to Chameleon?
- Prompt Guard by AI at Meta is strongest where you need safety, while Chameleon by AI at Meta is the closest related family to check for coding. Prompt Guard has 3 listed variants and reaches up to 512 context, while Chameleon reaches up to 4k context, so compare the specs and pricing tables before choosing a production model.
- Which Prompt Guard model should I use?
- For the lowest listed input price, start with Llama Prompt Guard 2 22M through GroqCloud at $0.03/1M input tokens. For the most capable/latest local choice, evaluate Llama Prompt Guard 2 22M with 512 context and structured outputs.
