Highflame Identity is now open source: agent identity on open standards. Read the launch
Book a Demo
RESEARCH

Highflame Research.

Original work on agent identity, authorization, and runtime security, adversarial findings, threat breakdowns, and the research that powers every safeguard we ship.

PUBLISHED RESEARCH

Peer-reviewed work behind the models

The transformer architectures powering Highflame's in-house guardrail models, published in full, with how each benchmarks against the field.

Pulse · arXiv:2506.07330

JavelinGuard: Low-Cost Transformer Architectures for LLM Security

Compact, stateless guardrail models (~110M to 450M params) for single-request analysis. Over 95% F1 on prompt injection at sub-100ms latency.

Read on arXiv →
How Pulse compares: state-of-the-art accuracy at a fraction of the latency and footprint.
ModelAvg latency (CPU)Size (params)Injection F1Edge
Pulse~47ms~450M~95.3%Excellent
DeBERTa-v3-base (tuned)~80-150ms~184M~93-95%Excellent
LlamaGuard (7B)~500-1000ms+~7BHigh (context-dependent)Poor
Large commercial LLM API (e.g. GPT-4)~1000-3000ms+Billions+High (slow, costly)Not applicable
DeepContext · arXiv:2602.16935

DeepContext: Stateful Real-Time Detection of Multi-Turn Adversarial Intent Drift in LLMs

Stateful, multi-turn guardrails that track conversational intent drift in real time, catching attacks that single-request filters miss.

Read on arXiv →
How DeepContext compares: recurrent intent-tracking beats repetitive large-model inference on multi-turn attacks.
ModelMulti-turn F1Avg latency (T4 GPU / API)Defense strategy
DeepContext0.84~19msStateful (RNN / GRU)
Granite-Guardian-3.3 (8B)0.67~125msStateless (LLM)
GPT-5 Nano0.63~317ms (API)Stateless API
LlamaGuard 4 (12B)0.51~43msStateless (LLM)
AWS Prompt Attack Guardrails0.38~235ms (API)Stateless API
Azure Prompt Shield0.19~77ms (API)Stateless API
WHITEPAPERS

Whitepapers

Long-form technical papers on the architecture behind the fabric. Free to read, no gate.

RESEARCH NOTES

From the research blog

Adversarial findings, threat breakdowns, and field notes from the team.

RESEARCHMay 19, 202612 min

Mission Drift: Why AI Agents Fail at Step 100

Description: AI agents do not always fail with a crash. They drift. Learn why Step 1 testing and passive observability cannot stop Mission Drift, and how Highflame Compass provides runtime enforcement to keep autonomous agents aligned through Step 100.

Read the paper →
FROM RESEARCH TO ENFORCEMENT

The findings ship as controls.

Every result here turns into detection and policy in the fabric, then we re-scan to prove the fix.

Book a demo Explore the platform