update security input and output gate part

[AnmolSharma-XY]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @AnmolSharma-XY, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly strengthens the security posture of the 'Compiled AI' system by enhancing its input and output validation mechanisms. It introduces a comprehensive set of new test cases for various prompt injection techniques and a broader range of Personally Identifiable Information (PII) types. The output leakage detection is refined to demonstrate a multi-layered defense strategy, ensuring that malicious inputs are blocked at the earliest possible stage. Furthermore, the PR includes a new academic paper that provides a detailed overview and empirical validation of the 'Compiled AI' approach, emphasizing its deterministic, auditable, and cost-efficient nature, particularly in security-sensitive contexts.

Highlights

• Enhanced Security Benchmarks: Expanded the security benchmark suite with new test cases for prompt injection and PII detection, and updated existing output leakage tests to reflect a more robust blocking strategy.
• Improved PII Detection: Implemented a hybrid PII scanning approach in the input gate, combining NER-based detection with extensive regex patterns to identify a wider range of sensitive data types like tax IDs, crypto wallets, API keys, and private keys.
• Multi-Layered Output Leakage Defense: Modified the output leakage test runner to simulate a defense-in-depth mechanism, where prompt injection attempts are first evaluated by the Input Gate before potential leakage is checked by the Output Gate's canary detection.
• Introduction of 'Compiled AI' Paper: Added a new arXiv paper detailing the 'Compiled AI' paradigm, its system architecture, generation-validation pipeline, and a comprehensive evaluation framework, including a dedicated section on its security architecture.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request enhances the security benchmark suite and related validation logic. It adds a significant number of new test cases for prompt injection and PII detection, covering a wider range of attack vectors and sensitive data types. The output leakage tests are corrected, and the test runner is refactored to simulate a more realistic defense-in-depth pipeline. The PII scanner is improved with a hybrid approach, adding regex-based detection for specialized patterns. I've found a critical issue in the implementation of the new regex scanning logic that could lead to incorrect PII detection. Additionally, a draft of a research paper on 'Compiled AI' has been added. Overall, these are great improvements to the project's security testing capabilities.

[gemini-code-assist]

The use of re.findall with regular expressions containing capturing groups is problematic. re.findall returns a list of tuples of the captured group strings, not the entire matched string. The current logic attempts to reconstruct the match by joining the tuple elements, which is incorrect for many of the defined patterns (e.g., for a MAC address like AA:BB:CC:DD:EE:FF, this would likely return just 'EE:FF'). This leads to incomplete and incorrect reporting of detected PII.

A more robust and simpler approach is to use re.finditer and get the full match object, from which you can extract the complete matched string using match.group(0).

    def _check_additional_patterns(self, content: str) -> dict[str, list[str]]:
        """Check content against additional regex patterns.

        Returns:
            Dict mapping pattern names to list of matches found
        """
        matches: dict[str, list[str]] = {}
        for pattern_name, pattern in ADDITIONAL_PII_PATTERNS.items():
            found = [match.group(0) for match in pattern.finditer(content)]
            if found:
                matches[pattern_name] = found
        return matches