Bordair vs Rebuff: Prompt Injection Detection Compared

Rebuff is an open-source prompt injection detection framework that uses a multi-layered approach including heuristics, an LLM-based classifier, and a vector similarity store. It is an interesting research project, but there are important differences if you are looking for a production detection tool.

How Rebuff works

Rebuff combines four detection methods: heuristic checks, an LLM-based classifier (calling GPT or similar), a vector database of known attacks, and a canary token system. The idea is that layering multiple approaches improves catch rates.

The LLM-in-the-loop problem

Rebuff's most powerful detector is its LLM classifier, but this creates a circular dependency: you are using an LLM to detect attacks on an LLM. This adds significant latency (often 1-3 seconds per check), costs money per API call, and introduces its own prompt injection attack surface.

Bordair uses a purpose-built DeBERTa classifier, not a general-purpose LLM. Our detection runs in under 50ms with no recursive vulnerability.

Multimodal support

Rebuff is text-only. Bordair scans text, images, documents, and audio natively, catching cross-modal attacks that text-only tools miss entirely.

Maintenance and updates

Rebuff's GitHub repository has seen limited recent activity. The attack landscape evolves quickly, and a detection tool needs continuous updates to remain effective. Bordair is actively maintained with regular model updates and new attack pattern additions.

When to choose Rebuff

You want to experiment with different detection approaches
You are comfortable with the latency and cost of LLM-based detection
You want a self-hosted, open-source solution

When to choose Bordair

You need production-grade latency (under 50ms)
You want multimodal detection
You want a managed service with no infrastructure overhead
You want detection that does not rely on calling another LLM

Get started with Bordair and add prompt injection protection in minutes.