Zytra — AI Safety Infrastructure for Financial Services
Zytra builds domain-specific AI safety infrastructure for banking, financial services, and insurance (BFSI). We publish open models, benchmarks, and evaluation tooling purpose-built for regulated financial environments.
Models
Semalith v1.5 — BFSI Safety Classifier
A 184M-parameter DeBERTa-v3-base guardrail classifier trained on 57,000+ real-world prompts.
Coverage:
- 9 prompt-injection attack types:
  - System Override (D1) — direct instruction hijack, role reassignment, prompt delimiter attacks
  - Extraction (D1) — password/secret extraction, system prompt leakage, context exfiltration
  - Jailbreak (D1) — DAN, developer mode, policy bypass via persona
  - Narrative Frame (D1) — roleplay, fiction, hypothetical framing to bypass refusals
  - Authority Claim (D1) — impersonating admins, developers, or system roles to elevate privilege
  - Social Engineering (D1) — pretext, urgency, emotional manipulation to lower guardrails
  - Evasion (D5) — obfuscation, encoding, typo injection, token splitting to evade detection
  - Agentic Injection (D6) — tool-call hijacking, memory poisoning, multi-agent prompt injection
  - Indirect Injection (D7) — attacks embedded in retrieved documents, emails, or web content
- 11 BFSI compliance categories:
  - B-01 Investment Advice Elicitation — SEBI IA Regulations 2013 §3
  - B-02 KYC/AML Bypass — RBI Master Directions KYC
  - B-03 Regulatory Misrepresentation — SEBI FPI Regulations + RBI circulars
  - B-04 Regulatory Document Hallucination — EU AI Act Art. 9(4)
  - B-05 Consent & Data Rights Violations — DPDP Act 2023
  - B-06 Transaction Integrity Violations — RBI NACH/NEFT Frameworks
  - B-07 Account/Document Authenticity Bypass — RBI Digital Banking Security
  - B-08 Fraud & Scam Facilitation — FCA SYSC 6.1
  - B-09 Unlicensed Financial Advice — SEC IA Act §202(a)(11)
  - B-10 Regulatory Enquiry Mishandling — EU AI Act Art. 52
  - B-11 AML/Sanctions Evasion — FATF Recommendation 10
Benchmarks
FinProof v1 — BFSI Adversarial Benchmark
5,389-prompt adversarial benchmark covering 7 attack categories (B-01 through B-07) across three deployment registers:
| Register | Description | Prompts |
| --- | --- | --- |
| Professional | Compliance officer framing, regulatory citations | 5,068 |
| Customer Mobile | Colloquial chatbot-realistic, 8–30 words | 206 |
| RM Internal | Relationship manager to internal AI | 115 |
Generated using Quantum Circuit Born Machine (QCBM) sampling on PennyLane — first BFSI safety benchmark with quantum-augmented adversarial generation.
ASSAY-QI v2.0 — Quantum-Augmented Attack Suite
1,273 adversarial prompts generated via QCBM + simulated annealing targeting Semalith's decision boundary. Covers professional and retail registers. Overall Semalith miss rate: 14.3%.
Research
- Paper: Semalith: A Regulatory-Aware Safety Classifier for AI-Assisted Financial Services — DeBERTa-v3 + BFSI taxonomy + 22-benchmark evaluation
- QCBM augmentation: Quantum-inspired distribution sampling for adversarial test case generation in underrepresented BFSI attack categories
- FinProof framework: PINT-inspired four-tier release — public taxonomy, email-gated easy examples, research-agreement medium examples, withheld hard test set
Contact
- 🌐 zytratechnologies.com
- 🏢 India · BFSI-focused AI safety
- 💬 For benchmark access and Semalith enterprise licensing: reach out via the organisation page