Using Model Armor in ADK callbacks
Key Takeaways
This video demonstrates how to integrate Model Armor with an ADK agent using callbacks to protect AI applications from threats such as prompt injection and data leakage. It shows how to use the before and after model callbacks to implement input and output validation guardrails, inspect and sanitize user prompts and model responses, and enforce policies to filter out harmful content.
Full Transcript
[music] Building your own AI agents can completely change the way users experience your business. But this new level of access introduces threats like prompt injection, data leakage, and harmful content generation. When using ADK, the key to mitigating these risks is using callbacks to create security checkpoints in the agents interaction with a model. Model Armor is the dedicated service for enforcing policies that filter user prompts and model responses, protecting against these threats. I've made a few videos about it in the description below if you want to get caught up. We can integrate model armor with an ADK agent using the callback mechanism. The callback mechanism provides powerful hooks to observe, customize, and control the agents behavior. The most critical control point is right before the agent calls the LLM. We use the before model call back to implement an input guard rail. This function runs just before the LLM request is sent, allowing us to inspect and sanitize the user's prompt using the model armor API's sanitize user prompt method. If our model armor check detects a prompt injection attempt or other harmful content, the callback will skip the LLM call and return a predetermined response. This prevents the request from reaching the model entirely. After the model has generated a response, we must implement an output validation guardrail. We use the after model callback to inspect the raw LLM response before it's finalized and returned to the user. This callback calls the sanitize model response method from model armor. If the response contains leaked data or harmful output, we can replace or block the response. Replacing is useful if we want to preserve most of the response but just filter out a small part such as a name or a credit card number. See my video below for some detailed examples. First, we ask a benign question that is allowed to proceed, demonstrating the default behavior of the agent. When the model armor policy is satisfied, the model armor check passes. The callback prints that it is proceeding and the LLM is called. We receive a normal response as the call back returned no issues. Now, for the real test, we include a telltale sign of something a miss in our prompt. This simulates an attempt at prompt injection or a policy violation. The before model callback intercepts the request. Model Armor detects the attempt. Instead of sending the request to the LLM, the callback returns a static safe response. The LLM is skipped entirely, protecting the model from exposure. We must also secure the agents response when it comes directly from the LLM. The after model call back allows inspection and modification of the raw LLM output before it's processed further by the invoking agent. This is critical for preventing data leakage when the model inadvertently generates sensitive information. For example, if the LLM output contains a credit card number or CCN, a piece of data it should not be generating, this callback can enforce a policy to redact it. If a sequence matching a CCN is detected, the callback modifies the text to remove all but the last four digits, preventing disclosure, but still giving a user the information they need. By inserting these model armor security checkpoints with callbacks, you add a layer of defense to each point of your agents interaction with the model. Check out some useful ADK callback and model armor documentation in the links below, as well as the agent factory episode where we discuss how to use this in an agent that has access to your cloud environment. I'd really like to know what you're building and what issues you run into and what you want to see more of next. I read every comment, so please let me know below and I'll see you next time when we use anti-gravity to vibe code an agent in ADK that uses model armor based on the ideas we discussed in this video. Thanks for watching. Heat. Heat. N. >> [music]
Original Description
[Lab] Securing AI applications → https://goo.gle/4qaHdRH
[Lab] Sensitive data protection → https://goo.gle/4rbxY4G
[Lab] Model Armor Guard → https://goo.gle/4bXa20o
Learn how to integrate Model Armor with an ADK agent using the callback mechanism to protect your AI apps. Model Armer proactively screensLLM prompts and responses, protects against various risks, and ensures responsible AI practices.
Chapters:
0:00 - Intro
0:48 - Input guardrail
1:14 - Output validation guardrail
1:46 - See it action
More resources:
Model Armor overview → https://goo.gle/4aoWngv
Building a production ready AI security foundation → https://goo.gle/4qfNsUw
De-identifying data with SDP → https://goo.gle/4t68h7m
We tried to jailbreak our AI (and Model Armor stopped it) → https://goo.gle/3NLQ4M6
ADK callbacks → https://goo.gle/4k2pWbS
Foundations of secure MCP: Architecture and threat model → https://goo.gle/3O9CPVz
Agent security | The Agent Factory Podcast → https://goo.gle/4q7tYkS
🔔 Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#GoogleCloud
Speaker: Aron Eidelman
Products Mentioned: Google Cloud Security
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Google Cloud Tech · Google Cloud Tech · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
I’m going for it #GoogleCloudCertified
Google Cloud Tech
I had to get #GoogleCloudCertified
Google Cloud Tech
Be better overall at what you do #GoogleCloudCertified
Google Cloud Tech
Cloud Monitoring on our radar #Analysis #Uptime
Google Cloud Tech
Introduction to Generative AI Studio
Google Cloud Tech
How to use Github Actions with Google's Workload Identity Federation
Google Cloud Tech
Introduction to Responsible AI
Google Cloud Tech
Networking updates and CDMC-certified architecture
Google Cloud Tech
Create and use a Cloud Storage bucket
Google Cloud Tech
How to digitize text from documents
Google Cloud Tech
Faster analytical queries with AlloyDB
Google Cloud Tech
Next ‘23 sessions and FaaS Wave
Google Cloud Tech
Introduction to Assured Open Source Software
Google Cloud Tech
BigQuery Cost Optimization: Storage
Google Cloud Tech
BigQuery Cost Optimization: Compute
Google Cloud Tech
BigQuery Cost Optimization: Select Queries
Google Cloud Tech
Remote Field Equipment Management with Manufacturing Data Engine
Google Cloud Tech
Supercharging your applications with Cloud SQL Enterprise Plus
Google Cloud Tech
Vector Support on our radar #GenAI
Google Cloud Tech
Architecting a blockchain startup with Google Cloud
Google Cloud Tech
Kubernetes and multitasking updates!
Google Cloud Tech
GKE: Using Kubernetes Events
Google Cloud Tech
How to configure firewall rules for Cloud Composer
Google Cloud Tech
Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Google Cloud Tech
Geospatial analytics on our radar #EarthEngine #BigQuery
Google Cloud Tech
Ensuring requests are set in Kubernetes
Google Cloud Tech
Cloud Next 2023, Google research program, and more!
Google Cloud Tech
How to migrate projects between organizations with Resource Manager
Google Cloud Tech
How to run #MySQL in Google Cloud
Google Cloud Tech
#GenerativeAI for enterprises and #Next2023
Google Cloud Tech
How Google Photos scales to store 4 trillion photos and videos
Google Cloud Tech
Google Cross-Cloud Interconnect (Demo 2)
Google Cloud Tech
GKE Cost Optimization Golden Signals: Introduction
Google Cloud Tech
GKE Cost Optimization Golden Signals: Workload Rightsizing
Google Cloud Tech
GKE Load Balancing: Overview
Google Cloud Tech
GKE Load Balancing: Best Practices
Google Cloud Tech
Disaster Recovery in GKE
Google Cloud Tech
How to configure IP masquerade agent in GKE Standard clusters
Google Cloud Tech
Enable and use GKE Control plane logs
Google Cloud Tech
Compliance in Australia with Assured Workloads
Google Cloud Tech
Creating budgets and budget alerts in Google Cloud #FinOps
Google Cloud Tech
Cloud SQL Enterprise Plus on our radar #mySQL
Google Cloud Tech
What's Next for Google Cloud?
Google Cloud Tech
How Loveholidays scaled with Contact Center AI
Google Cloud Tech
What is fleet team management in GKE?
Google Cloud Tech
Troubleshoot VPC Network Peering
Google Cloud Tech
Introduction to DocAI and Contact Center AI
Google Cloud Tech
Cloud Run Direct VPC egress explained
Google Cloud Tech
Database deployment options in GKE
Google Cloud Tech
Analyze cloud billing data with #BigQuery
Google Cloud Tech
Tips to becoming a world-class Prompt Engineer
Google Cloud Tech
Serverless is simple. Do I need CI/CD?
Google Cloud Tech
Accelerating model deployment with MLOps
Google Cloud Tech
How Hawaii's Department of Human Services scaled with CCAI
Google Cloud Tech
Pricing API on our #Radar
Google Cloud Tech
How Recommendations AI for Media can boost customer retention
Google Cloud Tech
Troubleshooting: Node Not Ready Status
Google Cloud Tech
One weekend until Cloud Next 2023!
Google Cloud Tech
#GoogleCloudNext starts tomorrow!
Google Cloud Tech
#GoogleCloudNext will be demand!
Google Cloud Tech
More on: LLM Engineering
View skill →Related Reads
📰
📰
📰
📰
I Built an LLM Filter That Prefers Silence Over Slop — and the Eval Harness That Keeps It Honest
Dev.to AI
Open-Weight LLM API Integration: A Developer's Practical Guide
Dev.to AI
Fine-Tuning: Lleva tus modelos de IA al siguiente nivel con precisión real
Medium · Machine Learning
Building an AI Dream Analysis Engine, Part 1: Designing the NLP Pipeline
Hackernoon
Chapters (4)
Intro
0:48
Input guardrail
1:14
Output validation guardrail
1:46
See it action
🎓
Tutor Explanation
DeepCamp AI