Instructions to use SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507 with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507 with PEFT:

from peft import PeftModel
from transformers import AutoModelForCausalLM

base_model = AutoModelForCausalLM.from_pretrained("Qwen/Qwen3-4B-Instruct-2507")
model = PeftModel.from_pretrained(base_model, "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507")

Transformers

How to use SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507 with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoModel
model = AutoModel.from_pretrained("SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507", dtype="auto")

Notebooks
Google Colab
Kaggle
Local Apps

vLLM

How to use SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507 with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507

SGLang

How to use SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507 with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Docker Model Runner
How to use SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507 with Docker Model Runner:
```
docker model run hf.co/SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507
```

AgentWatcher-Qwen3-4B-Instruct-2507

AgentWatcher is a detection-based defense against indirect prompt injection in LLM agents. This repository contains the trained monitor LLM, which is a LoRA adapter (PEFT) fine-tuned on top of Qwen/Qwen3-4B-Instruct-2507.

Paper: AgentWatcher: A Rule-based Prompt Injection Monitor
Repository: GitHub - wang-yanting/AgentWatcher

Description

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. AgentWatcher addresses existing limitations in detection by:

Causal Context Attribution: It attributes the LLM's output to a small set of causally influential context segments. By focusing on short, relevant text, it remains scalable even with long contexts.
Rule-based Reasoning: It utilizes explicit rules to define prompt injection. The monitor LLM reasons over these rules based on the attributed text, making detection decisions more explainable and interpretable than black-box methods.

How to Get Started with the Model

You can load this adapter using the peft and transformers libraries:

from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel
import torch

base_model_id = "Qwen/Qwen3-4B-Instruct-2507"
adapter_id = "SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507"

# Load base model
base_model = AutoModelForCausalLM.from_pretrained(
    base_model_id,
    torch_dtype=torch.bfloat16,
    device_map="auto"
)

# Load the AgentWatcher adapter
model = PeftModel.from_pretrained(base_model, adapter_id)
tokenizer = AutoTokenizer.from_pretrained(base_model_id)

# Example: Prepare a prompt for the monitor LLM to evaluate a context segment
prompt = "..." 
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)

with torch.no_grad():
    outputs = model.generate(**inputs, max_new_tokens=256)
    print(tokenizer.decode(outputs[0], skip_special_tokens=True))

Citation

If you use AgentWatcher in your research, please cite the following paper:

@article{wang2026agentwatcher,
  title={AgentWatcher: A Rule-based Prompt Injection Monitor},
  author={Wang, Yanting and others},
  journal={arXiv preprint arXiv:2604.01194},
  year={2026}
}

Downloads last month: 19

Model tree for SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507

Base model

Qwen/Qwen3-4B-Instruct-2507

Adapter

(5450)

this model

Paper for SecureLLMSys/AgentWatcher-Qwen3-4B-Instruct-2507

AgentWatcher: A Rule-based Prompt Injection Monitor

Paper • 2604.01194 • Published Apr 1 • 3