Create a Model Armor template
Console
In the Google Cloud console, go to the Model Armor page.
Verify that you are viewing the project that you activated Model Armor on.
On the Model Armor page, click Create Template. The Create Template page is displayed.
Specify the Template ID. Template ID can have letters, digits, or hyphens. It must not exceed 63 characters and cannot have spaces or start with a hyphen.
Select a Region to run your Model Armor templates. You cannot change the region later.
Optional: Add Labels. Labels are key-value pairs that you can use to group related templates.
In the Detections section, configure the following detection settings:
Malicious URL detection: Identifies web addresses (URLs) that are designed to harm users or systems. These URLs might lead to phishing sites, malware downloads, or other cyberattacks. For more information, see Malicious URL detection.
Prompt injection and jailbreak detection: Detects malicious content and jailbreak attempts in a prompt. For stricter enforcement, set the confidence level to Low and above** to detect most content that is likely to be a prompt injection and jailbreak attempt. For more information, see Prompt injection and jailbreak detection.
Sensitive Data Protection: Detects sensitive data, prevents accidental exposure, and blocks attempts to extract data from AI models through attacks like prompt injection. For more information, see Sensitive Data Protection.
You can set either basic or advanced Sensitive Data Protection.
Basic - Use predefined infoTypes to detect sensitive data types. For more information on the predefined infoType, see Basic Sensitive Data Protection configuration.
Advanced - Use an inspection template defined in the Sensitive Data Protection service as a single source for sensitive data infoTypes.
If you select the Advanced Sensitive Data Protection, you need to specify the following parameters:
Inspect template: Templates for saving configuration information for inspection scan jobs, including what predefined or custom detectors to use. Enter the template name in the following format:
projects/projectName/locations/locationID/inspectTemplates/templateNameOptional: De-identify template: Templates for saving configuration information for de-identification jobs, including both infoType and structured dataset transformations. Enter an identifier for the de-identification template in the following format:
projects/projectName/locations/locationID/deidentifyTemplates/templateName
In the Responsible AI section, you can set the confidence level for each content filter. Confidence level represents how likely the findings match a content filter type. Possible values are:
- None: Don't detect any content type.
- Low and above: Detect content with confidence level low, medium, or high.
- Medium and above: Detect content with confidence level medium or high.
- High: Detect content with confidence level high.
For stricter enforcement, set the confidence level to Low and above to detect most content that falls into a content filter type. You can also select the confidence level for all content types at once.
Click Create.
gcloud
Run the following command:
gcloud alpha model-armor templates create template_id --location location [filters]
Replace the following:
LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.
Here is an example with all filters.
gcloud alpha model-armor templates create --location location "template_id"
--rai-settings-filters='[{ "filterType": "HATE_SPEECH", "confidenceLevel": "MEDIUM_AND_ABOVE" },{ "filterType": "HARASSMENT", "confidenceLevel": "MEDIUM_AND_ABOVE" },{ "filterType": "SEXUALLY_EXPLICIT", "confidenceLevel": "MEDIUM_AND_ABOVE" }]'
--basic-config-filter-enforcement=enabled
--pi-and-jailbreak-filter-settings-enforcement=enabled
--pi-and-jailbreak-filter-settings-confidence-level=LOW_AND_ABOVE
--malicious-uri-filter-settings-enforcement=enabled
--template-metadata-custom-llm-response-safety-error-code=798
--template-metadata-custom-llm-response-safety-error-message="test template llm response evaluation failed"
--template-metadata-custom-prompt-safety-error-code=799
--template-metadata-custom-prompt-safety-error-message="test template prompt evaluation failed"
--template-metadata-ignore-partial-invocation-failures
--template-metadata-log-operations
--template-metadata-log-sanitize-operations
REST APIs
Use this command to create a new Model Armor template.
curl -X POST \
-d "{'filter_config': {} }" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://modelarmor.LOCATION_ID.rep.googleapis.com/v1/projects/$PROJECT_ID/locations/$LOCATION/templates?template_id=$TEMPLATE_ID"
Replace the following:
Filter_configis the filter configuration for the template.PROJECT_IDis the ID of the project that the template belongs to.TEMPLATE_IDis the ID of the template to be created.LOCATIONis the location of the template.gcloud auth print-access-tokenis the access token for the specified account. Follow these steps to obtain this token.
The following example explains the Model Armor template configuration.
- Create a configuration (in this case,
FILTER_CONFIG) of which filters you would like the Model Armor template to screen for, and at what confidence level where applicable. - Create a Model Armor template (in this case,
ma-template-id-1234) using the configuration you created.
Note that LOW_AND_ABOVE means any content with a likelihood of LOW, MEDIUM,
or HIGH will be flagged.
export FILTER_CONFIG='{
"filterConfig": {
"raiSettings": {
"raiFilters": [{
"filterType": "HATE_SPEECH",
"confidenceLevel": "MEDIUM_AND_ABOVE"
}, {
"filterType": "HARASSMENT",
"confidenceLevel": "HIGH"
}, {
"filterType": "DANGEROUS",
"confidenceLevel": "MEDIUM_AND_ABOVE"
},{
"filterType": "SEXUALLY_EXPLICIT",
"confidenceLevel": "MEDIUM_AND_ABOVE"
}]
},
"piAndJailbreakFilterSettings": {
"filterEnforcement": "ENABLED",
"confidenceLevel": "LOW_AND_ABOVE"
},
"maliciousUriFilterSettings": {
"filterEnforcement": "ENABLED"
}
}
}'
curl -X POST \
-d $FILTER_CONFIG \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://modelarmor.LOCATION.rep.googleapis.com/v1/projects/$PROJECT_ID/locations/LOCATION_ID/ templates?template_id=TEMPLATE_ID"
View a Model Armor template
Console
In the Google Cloud console, go to the Model Armor page.
Verify that you are viewing the project that you activated Model Armor on. The Model Armor page is displayed listing the templates created for your project.
Click any template from the list to view its details.
gcloud
Run the following command:
gcloud alpha model-armor templates describe template_id --location location
Replace the following:
LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.
REST APIs
Run the following command:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://modelarmor.LOCATION_ID.rep.googleapis.com/v1/projects/$PROJECT_ID/locations/$LOCATION/templates/$TEMPLATE_ID"
Replace the following:
gcloud auth print-access-tokenis the access token for the specified account.PROJECT_ID- the ID of the project that the template belongs to.LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.
Update a Model Armor template
Console
In the Google Cloud console, go to the Model Armor page.
Verify that you are viewing the project that you activated Model Armor on. The Model Armor page is displayed listing the templates created for your organization.
Click the template that you want to update from the list. The Template details page is displayed.
Click Edit.
Update the required parameters and click Save.
gcloud
Run the following command:
gcloud alpha model-armor templates update template_id --location location [filters]
Replace the following:
LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.
REST APIs
Run the following command:
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -d $FILTER_CONFIG \ "https://modelarmor.LOCATION_ID.rep.googleapis.com/v1/projects/$PROJECT_ID/locations/$LOCATION/templates/$TEMPLATE_ID?update_mask=filter_config"
Replace the following:
gcloud auth print-access-tokenis the access token for the specified account.PROJECT_ID- the ID of the project that the template belongs to.LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.FILTER_CONFIG- the JSON representation of the filter configuration.
All other fields are immutable. Attempts made to update other fields (for example, attempts to update the template name) result in an error.
Delete a Model Armor template
Console
In the Google Cloud console, go to the Model Armor page.
Verify that you are viewing the project that you activated Model Armor on. The Model Armor page is displayed listing the templates created for your organization.
Click the template that you want to delete from the list. The Template details page is displayed.
Click Delete. A confirmation dialog is displayed.
Enter the template name to confirm the deletion and click Delete.
gcloud
Run the following command:
gcloud alpha model-armor templates delete template_id --location location
Replace the following:
LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.
REST APIs
Run the following command:
curl -X DELETE \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://modelarmor.LOCATION_ID.rep.googleapis.com/v1/projects/$PROJECT_ID/locations/$LOCATION/templates/$TEMPLATE_ID"
Replace the following:
gcloud auth print-access-tokenis the access token for the specified account.PROJECT_ID- the ID of the project that the template belongs to.LOCATION- the location of the template.TEMPLATE_ID- the ID of the template.
What's next
- Learn about Model Armor overview.
- Learn about Model Armor floor settings.
- Sanitize prompts and responses.
- Troubleshoot Model Armor issues.