InnovationOpenLab

Google DeepMind Features Hirundo’s Security-Hardened Gemma 4 Model – Outperforms LLMs 170x Its Size on Security


TEL AVIV, Israel: Google DeepMind has featured Hirundo’s security-hardened variant of Gemma 4 in its Gemmaverse – the official showcase for the Gemma open-model ecosystem. The feature validates Hirundo’s weight-level machine unlearning approach as a production-grade solution to one of the most persistent vulnerabilities in enterprise AI deployments: prompt injection attacks.

The hardened model is built on Google’s Gemma 4 E4B instruction-tuned base. At 4 billion parameters, it outperforms models more than 170 times its size on prompt injection resistance – including DeepSeek V3.2-Exp (685B), GPT-OSS-120B, and Qwen3-235B – while preserving full utility across standard benchmarks.

AI security is a behavioral problem, not a size problem

Prompt injection – where adversarial inputs manipulate a model into overriding its system instructions – remains one of the most damaging attack vectors in production Large Language Model (LLM) deployments. The prevailing assumption has been that larger models are inherently more robust. Hirundo’s results directly contradict that.

Rather than applying external filters or inference-time guardrails, Hirundo’s platform targets and removes the specific model weights responsible for susceptibility to adversarial manipulation. The model effectively forgets the behaviors that enable attacks – at the weight level, not the prompt level. Despite those behaviors usually being tied to instruction-following, a desired trait of LLMs, Hirundo’s technology preserved general instruction following while mitigating prompt injection susceptibility.

The results against industry-leading open-weight models, benchmarked using Meta’s PurpleLlama CyberSecEval dataset:

  • DeepSeek V3.2-Exp (685B): 73.33% attack success rate – 15.6x worse than Hirundo’s model
  • GPT-OSS-120B: more than 3x Hirundo’s attack success rate
  • Qwen3-235B: 10.8x more vulnerable

Hirundo’s hardened Gemma 4 E4B achieved a 4.78% attack success rate – a 74.47% reduction versus the base model – with no measurable degradation across utility benchmarks including AIME25, LiveCodeBench, GPQA, IFBench, SCICode, AutoPatchBench, and CyberSOCEval.

Quote

“Prompt injection is not a prompting problem – it is a representational one. The vulnerability lives in the weights. Addressing it at the weight level is more durable and more precise than guardrails applied after the fact.”

– Prof. Em. Oded Shmueli, Chief Scientist, Hirundo; former Executive VP for Research and Dean of the Computer Science Faculty, Technion – Israel Institute of Technology

The Google DeepMind-endorsed Gemma 4 case study joins a growing portfolio of Hirundo’s publicly available debiased and security-hardened models, including variants of GPT-OSS, Qwen, NemoTron, Llama, and others – with results demonstrating up to 90%+ improvement in security robustness and fairness compared to the original base models.

Availability

Hirundo’s Gemma 4 E4B Unlearned Variant on HuggingFace:
https://huggingface.co/hirundo-io/gemma-4-E4B-it-reduced-prompt-injection

Hirundo’s Gemma 4 E4B Case Study on Google DeepMind’s Gemmaverse:
https://deepmind.google/models/gemma/gemmaverse/hirundo

About Hirundo

Hirundo is the pioneer of machine unlearning – making it possible to change what trained AI models know and how they behave. Rather than applying filters or guardrails after the fact, Hirundo’s platform operates at the weight level, enabling teams to remove sensitive data, harmful behaviors, jailbreak vulnerabilities, and bias at the core – with no measurable degradation to model utility.

The company holds nine filed US patents and is led by Ben Luria (CEO), one of the first Israeli Rhodes Scholars; Prof. Em. Oded Shmueli (Chief Scientist), former Executive VP for Research and Dean of the Computer Science Faculty at the Technion – Israel Institute of Technology; and Michael Leybovich, an award-winning researcher.

www.hirundo.io

Source: Business Wire
