Model Armor can be integrated directly with Vertex AI by using either floor settings or templates. The integration screens both requests sent to and responses received from Gemini models, and it inspects or blocks traffic that violates the configured filters. Model Armor provides prompt and response protection within the Gemini API in Vertex AI for the generateContent method. You need to enable Cloud Logging to get visibility into the sanitization results of prompts and responses.
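After Cloud Logging is enabled, you can inspect recent sanitization results from the command line. The filter below is a sketch: the modelarmor.googleapis.com/SanitizeOperation resource type is an assumption about how the log entries are labeled, so adjust it to match the entries that actually appear in your project.
gcloud logging read \
  'resource.type="modelarmor.googleapis.com/SanitizeOperation"' \
  --project=PROJECT_ID \
  --limit=10 \
  --format=json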
Before you begin
Grant the Model Armor User role (roles/modelarmor.user) to the Vertex AI service agent.
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member='serviceAccount:service-PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com' \
  --role='roles/modelarmor.user'
Replace the following:
- PROJECT_ID: your Google Cloud project ID.
- PROJECT_NUMBER: your Google Cloud project number.
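If you only know the project ID, you can look up the corresponding project number with a standard gcloud command:
gcloud projects describe PROJECT_ID --format='value(projectNumber)'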
Configure floor settings
You use floor settings to configure the minimum detection thresholds for Model Armor templates. These settings verify that all new and modified templates meet floor settings requirements.
To enable the Model Armor and Vertex AI integration, you can set floor settings only at the project level, either through the API or the Google Cloud console.
To configure floor settings, see Configure floor settings.
To configure floor settings with Vertex AI integration, run the following command:
curl -X PATCH \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -d '{
    "filterConfig": {},
    "integratedServices": ["AI_PLATFORM"],
    "aiPlatformFloorSetting": {
      "inspectOnly": true,
      "enableCloudLogging": true
    }
  }' \
  "https://modelarmor.googleapis.com/v1/projects/PROJECT_ID/locations/global/floorSetting"
Replace PROJECT_ID with the ID of the project for the
floor settings.
After configuring the floor settings to enable Vertex AI sanitization,
Model Armor sanitizes all generateContent API calls to the project's
Gemini endpoints using the filter settings specified.
The following code sample shows how to use the generateContent method.
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://LOCATION-aiplatform.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/publishers/google/models/gemini-2.0-flash-001:generateContent" \
  -d '{
    "contents": [
      {
        "role": "user",
        "parts": [
          { "text": "" }
        ]
      }
    ],
    "generationConfig": {
      "responseModalities": ["TEXT"],
      "temperature": 0.2,
      "maxOutputTokens": 1024,
      "topP": 0.8
    }
  }'
Replace the following:
- PROJECT_ID: your Google Cloud project ID.
- LOCATION: the Google Cloud location of the Gemini endpoint. For supported locations, see Locations for the Model Armor API.
The following code sample shows the response from the generateContent method.
{ "promptFeedback": { "blockReason": "MODEL_ARMOR", "blockReasonMessage": "Blocked by Floor Setting. The prompt violated Responsible AI Safety settings (Harassment, Dangerous), Prompt Injection and Jailbreak filters." }, "usageMetadata": { "trafficType": "ON_DEMAND" }, "modelVersion": "gemini-2.0-flash-001", "createTime": "2025-03-26T13:14:36.961184Z", "responseId": "vP3jZ6DVOqLKnvgPqZL-8Ao" }
Define the enforcement type for floor settings
To configure how Model Armor handles detections, set the enforcement type. Floor settings support two enforcement types: inspect only, which reports violations without blocking the request, and inspect and block, which blocks requests that trigger a violation.
The following example shows the floor settings configuration with the
inspect and block enforcement type.
export FLOOR_SETTING='{
  "filterConfig": {
    "raiSettings": {
      "raiFilters": [
        { "filterType": "HATE_SPEECH", "confidenceLevel": "LOW_AND_ABOVE" },
        { "filterType": "DANGEROUS", "confidenceLevel": "LOW_AND_ABOVE" },
        { "filterType": "SEXUALLY_EXPLICIT", "confidenceLevel": "LOW_AND_ABOVE" },
        { "filterType": "HARASSMENT", "confidenceLevel": "LOW_AND_ABOVE" }
      ]
    },
    "sdpSettings": {
      "basicConfig": { "filterEnforcement": "ENABLED" }
    },
    "piAndJailbreakFilterSettings": {
      "filterEnforcement": "ENABLED",
      "confidenceLevel": "LOW_AND_ABOVE"
    },
    "maliciousUriFilterSettings": {
      "filterEnforcement": "ENABLED"
    }
  },
  "integratedServices": ["AI_PLATFORM"],
  "aiPlatformFloorSetting": {
    "inspectAndBlock": true,
    "enableCloudLogging": true
  },
  "enableFloorSettingEnforcement": true
}'

curl -X PATCH \
  -d "$FLOOR_SETTING" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/floorSetting"
Replace the following:
- PROJECT_ID: the ID of the project for the floor settings.
- LOCATION: the location of the floor settings.
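To verify the configuration, you can read the floor settings back. This sketch assumes the standard GET method on the same floorSetting endpoint used above:
curl -X GET \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/floorSetting"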
Configure Model Armor templates
Model Armor can also be integrated with Vertex AI by using Model Armor templates. Templates define the security filter configuration and let you control how Model Armor screens prompts and responses.
You must create templates first, and then use these templates with
Gemini's generateContent method. For more information about templates,
see Create and manage Model Armor templates.
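For illustration, the following sketch creates a minimal template through the Model Armor REST API. The filters shown are placeholder choices, and depending on your setup the API might require the regional endpoint (modelarmor.LOCATION.rep.googleapis.com) rather than the global endpoint used in the floor settings examples above:
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -d '{
    "filterConfig": {
      "piAndJailbreakFilterSettings": {
        "filterEnforcement": "ENABLED",
        "confidenceLevel": "LOW_AND_ABOVE"
      },
      "maliciousUriFilterSettings": {
        "filterEnforcement": "ENABLED"
      }
    }
  }' \
  "https://modelarmor.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/templates?templateId=TEMPLATE_ID"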
After configuring the Model Armor template, pass the template ID as a parameter when you call the Gemini API's generateContent method. Vertex AI routes the request to Model Armor for processing.
The following code sample shows the request to the generateContent method.
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://LOCATION-aiplatform.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/publishers/google/models/gemini-2.0-flash-001:generateContent" \
  -d '{
    "contents": [
      {
        "role": "user",
        "parts": [
          { "text": "" }
        ]
      }
    ],
    "generationConfig": {
      "responseModalities": ["TEXT"],
      "temperature": 0.2,
      "maxOutputTokens": 1024,
      "topP": 0.8
    },
    "model_armor_config": {
      "prompt_template_name": "projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID",
      "response_template_name": "projects/PROJECT_ID/locations/LOCATION/templates/TEMPLATE_ID"
    }
  }'
Replace the following:
- PROJECT_ID: the Google Cloud project ID.
- LOCATION: the Google Cloud location of the Gemini endpoint. The supported locations are us-central1, us-east4, us-west1, and europe-west4.
- TEMPLATE_ID: the Model Armor template ID.
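To find the ID of an existing template, you can list the templates in a location. This assumes the gcloud model-armor command group is available in your version of the Google Cloud CLI:
gcloud model-armor templates list --location=LOCATION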
The following code sample shows the response from the generateContent method.
{ "promptFeedback": { "blockReason": "MODEL_ARMOR", "blockReasonMessage": "Blocked by Floor Setting. The prompt violated Responsible AI Safety settings (Harassment, Dangerous), Prompt Injection and Jailbreak filters." }, "usageMetadata": { "trafficType": "ON_DEMAND" }, "modelVersion": "gemini-2.0-flash-001", "createTime": "2025-03-26T13:14:36.961184Z", "responseId": "vP3jZ6DVOqLKnvgPqZL-8Ao" }
Considerations
Consider the following when integrating Model Armor with Vertex AI:
- Sensitive Data Protection redaction using a de-identification template is not supported.
- Sanitizing prompts and responses that contain documents is not supported.
Vertex AI skips the Model Armor sanitization step and continues processing the request under the following conditions:
- Model Armor is not available in the region where the Vertex AI endpoint is located.
- Model Armor is temporarily not reachable.
- An error occurs within Model Armor.
In any of these cases, the request proceeds without prompt and response sanitization, which can occasionally expose unscreened prompts or responses.