IMPORTANT Note for On-Premises Customers:

The Shield server worker count configuration must be set to 2 when upgrading to this version. The previously recommended value was 5. This number can be set higher than 2 to further increase concurrency when AWS EC2s with more GPU memory than the g4dn.2xlarge are used.

• CFT: ShieldServerWorkerCount (Number of Shield Server Workers)
• Helm Chart: shieldWorkers

Enhancements:

• Made significant performance improvements to the PII detection model, resulting in fewer false positives.
  The inference deep dive table now returns up to 50 rows per page.

Vulnerability Fix:

• Patched the protobuf vulnerability CVE-2025-4565

Enhancements:

Improved the prompt injection classifier model, boosting its accuracy and efficiency. The updated model provides enhanced detection capabilities for identifying potential prompt injection attempts. It now prioritizes precision over recall, effectively reducing false positives where legitimate user inputs are mistakenly flagged, while maintaining robust security against genuine attacks.

Enhancements:

• Patched a critical vulnerability in h11

Bug Fix:

• Toxicity slider now displays the correct value in the UI

Enhancements:

• Patched a critical vulnerability in PyTorch
• Improved the configuration parser for the LLM service connection string

Bug Fix:

• Users now have the ability to archive disabled task rules via both the API & the UI

Enhancements:

• Optimized the profanity detection function in the toxicity rule to improve latency for inferences with a large number of consecutive repeating characters
• The user input (inference) token counts now available in the inference query endpoint response

Maintenance:

• Removed the deprecated API response body attributes in BaseDetailsResponse and PIIDetailsResponse. They were deprecated in October 2023.
  • BaseDetailsResponse.claims
  • BaseDetailsResponse.pii_results
  • BaseDetailsResponse.pii_entities
  • BaseDetailsResponse.toxicity_score
  • PIIDetailsResponse.pii_results
• Removed the Hallucination v1 rule that was deprecated on May 24, 2024. If you have the rule in your active tasks, they will be automatically archived with this Shield upgrade.
• Removed the experimental Hallucination v3 rule. It will be reintroduced when the next challenger to replace the v2 rule becomes available. If you have the rule in your active tasks, they will be automatically archived with this Shield upgrade.

New Feature:

• Shield can now run on GPUs for Kubernetes deployments, resulting in low latency evaluations. The new GPU based deployment configuration is tested and supported for ASW EKS.

Enhancements:

• The API key metadata lookup endpoint now contains the enrolled RBAC role names
• Fully automated the process of updating Shield ingress URL from the installers
• The task rules cache configuration is now tunable from the installers

New Feature:

• Any Shield task can now be assigned as the Arthur Chat firewall via API endpoint call

Enhancements:

• Optimized the toxicity detection model for significant reduction of speed and compute cost (45+% latency reduction) without compromising accuracy
• Optimized the prompt injection detection model for reduction of speed and compute cost without compromising accuracy
• AWS ECS deployments can now configure warm instances on the GPU autoscaling group via CloudFormation for scaling out faster
• Reduced the instance warmup time for faster dynamic autoscaling
• OSS library upgrades

New Features:

• AWS ECS GPU deployments now supports fast dynamic scaling
• Added the capability for AWS ECS GPU deployments to scale-in and scale-out on a configurable schedule

New Feature:

• RBAC added to API keys. See the permissions <> roles matrix for the available roles.

Product Enhancements:

• Caching is now used for rules lookups to improve the speed of inference validations
• Concurrency improvement made for GPU deployments
• The Arthur Auth cluster coordinator now works with self-signed certificates