Arc Sentry tops LlamaGuard on indirect attacks

The interesting part is not just the score bump; it is the detection strategy. If the model can be probed through its internal representation before generation, keyword filters and surface-level classifiers become much easier to evade.

• –Best-in-class recall on the reported benchmark matters most for security use cases, because missed injections are the expensive failure mode
• –The benchmark is small and narrow, so the result is a strong prototype signal, not proof of broad generalization
• –The tradeoff is visible in the numbers: OpenAI Moderation API had higher F1, so Arc Sentry looks optimized for catching more attacks rather than winning every balanced metric
• –CPU pre-filtering and no model access make it practical for self-hosted deployments where latency and isolation matter
• –The main question now is calibration across real workloads, not whether prompt-injection defense needs to move beyond pattern matching