Proof, not promises.
Check every number. Download every dataset.
0
false positives on 10,014 legitimate prompts
0
data leak attempts blocked
0
attack prompts tested
0
independent attack datasets
Datasets
Every prompt is sourced from a public, independently-maintained dataset. Nothing is synthetic. Nothing is cherry-picked.
| Dataset | Prompts | Type | Authority |
|---|---|---|---|
| NVIDIA Garak v0.14.0 | 4,592 | Attack | NVIDIA open source |
| JailbreakBench | 199 | Attack | Academic — OWASP LLM Top 10 |
| StrongREJECT | 313 | Attack | AlignmentResearch |
| allenai/WildJailbreak | 82,975 | Attack | Allen Institute for AI — MIT licence |
| Stanford Alpaca | 4,998 | Known-good | Stanford University |
| Databricks Dolly | 5,016 | Known-good | Databricks |
NVIDIA Garak v0.14.0
AttackNVIDIA open source
4,592 prompts
JailbreakBench
AttackAcademic — OWASP LLM Top 10
199 prompts
StrongREJECT
AttackAlignmentResearch
313 prompts
allenai/WildJailbreak
AttackAllen Institute for AI — MIT licence
82,975 prompts
Stanford Alpaca
Known-goodStanford University
4,998 prompts
Databricks Dolly
Known-goodDatabricks
5,016 prompts
Independent comparison
We ran 9,000 prompts through both Thorn Layer and Lakera Guard under identical conditions. Here are the results.
0
Thorn Layer false positives
on 388 legitimate prompts
4
Lakera Guard false positives
on 388 legitimate prompts (1.03%)
| Metric | Thorn Layer | Lakera Guard |
|---|---|---|
| False positives (388 real prompts) | 0 | 4 (1.03%) |
| Data leak prevention (target pattern) | 100% | 42% |
| Real-world latency | 10–30ms | 77ms+ |
| New threat response time | Seconds | 24 hours |
| Deterministic (no ML drift) | ✓ | ✕ |
| Published methodology | ✓ | ✕ |
| No tuning required | ✓ | ✕ |
| Indie/SMB pricing | ✓ | ✕ |
False positives (388 real prompts)
Thorn Layer
0
Lakera Guard
4 (1.03%)
Data leak prevention (target pattern)
Thorn Layer
100%
Lakera Guard
42%
Real-world latency
Thorn Layer
10–30ms
Lakera Guard
77ms+
New threat response
Thorn Layer
Seconds
Lakera Guard
24 hours
Deterministic
Thorn Layer
✓
Lakera Guard
✕
Published methodology
Thorn Layer
✓
Lakera Guard
✕
No tuning required
Thorn Layer
✓
Lakera Guard
✕
Indie/SMB pricing
Thorn Layer
✓
Lakera Guard
✕
Lakera tested using Prompt Defense Only policy on a 9,000-prompt stratified sample. Thorn Layer uses a deterministic engine — same input, same output, every time. Full dataset breakdown on this page. Lakera latency measured from EU VPS — real-world latency varies by region.
Every number on this page is real. Read the full methodology or start free.
Lakera Guard is a trademark of Lakera AI. Comparison based on independent testing, April 2026.
Methodology
Thorn Layer uses a deterministic engine. Same input, same output, every time. No ML, no drift, no false positives.
In December 2025, the UK National Cyber Security Centre stated that prompt injection may never be fully solved at the model level. Read the NCSC guidance.