AI/TLDR

GLiNER

Zero-shot named-entity recognition for any entity type, small enough to run on a CPU

github.com/urchade/GLiNER★ 3.3kurchade.github.io/GLiNER

Overview

GLiNER is a framework for training and running small Named Entity Recognition (NER) models that work zero-shot. Instead of being locked to a fixed label set, you pass the entity types you want at inference time (for example "person", "award", "date"), and the model extracts matching spans from the text. It also supports joint entity and relation extraction.

It is built for teams that need entity extraction without the cost of a large language model. The models are tuned to run on CPUs and consumer hardware, and the project reports performance competitive with much larger models like ChatGPT and UniNER. Models can also be fine-tuned on your own data.

In a guardrails and PII context, GLiNER is widely used as a detection backend: you can define sensitive entity types (names, emails, locations) as labels and flag them in user or model text. It is, for instance, used inside Microsoft Presidio for PII detection.

What it does

  • Zero-shot NER: name any entity types at runtime, no retraining needed
  • Lightweight, CPU-friendly models suited to consumer hardware
  • Supports joint entity and relation extraction beyond plain NER
  • Fine-tunable on your own labeled data
  • Pretrained models distributed via Hugging Face (e.g. urchade/gliner_medium-v2.1)
  • Optional Ray Serve deployment with dynamic batching and multi-replica scaling

Getting started

Install the package, load a pretrained model, and pass your own entity labels to predict_entities.

Install GLiNER

Install from PyPI with pip (or uv for a faster install).

bashbash
pip install gliner

Load a model and extract entities

Load a pretrained model with GLiNER.from_pretrained, then call predict_entities with your text and a list of labels.

pythonpython
from gliner import GLiNER

model = GLiNER.from_pretrained("urchade/gliner_medium-v2.1")

text = "Cristiano Ronaldo was born on 5 February 1985 and plays for Al Nassr."

# Define the entity types you want to find
labels = ["Person", "Date", "Teams"]

entities = model.predict_entities(text, labels, threshold=0.5)

for entity in entities:
    print(entity["text"], "=>", entity["label"])

Serve it (optional)

For production deployment with dynamic batching and multi-replica scaling, install the serving extra, which adds Ray Serve support.

bashbash
pip install gliner[serve]

Commands and code are distilled from the project's own documentation — always check the official repo for the latest.

When to use it

  • Detect and flag PII (names, emails, locations) in user input or model output as a guardrails backend
  • Extract domain-specific entities from documents without labeling data for a fixed schema
  • Run NER on CPU or consumer hardware where a large LLM is too costly
  • Fine-tune a small NER model on your own entity types for an in-house pipeline

How GLiNER compares

GLiNER alongside other open-source guardrails & security tools AI/TLDR tracks, ranked by GitHub stars.

ToolStarsWhat it does
Microsoft Presidio★ 9.3kA framework for detecting, redacting, masking, and anonymizing personal data (PII) in text, images, and structured data using NER models, regex, and rule-based recognizers.
Guardrails AI★ 7kA Python framework that wraps LLM calls with composable input/output validators (from the Guardrails Hub) to check structure, type, and safety risks before responses reach users.
NeMo Guardrails★ 6.5kNVIDIA's toolkit for adding programmable rails to LLM chat apps, using the Colang language to control dialog flow and block jailbreaks, prompt injection, and off-topic answers.
GLiNER★ 3.3kZero-shot named-entity recognition for any entity type, small enough to run on a CPU
LLM Guard★ 3.1kA security toolkit from Protect AI with 35+ input and output scanners that sanitize prompts and responses for prompt injection, toxicity, PII leakage, and harmful content.
Rebuff★ 1.5kA prompt injection detector that combines heuristics, an LLM-based classifier, a vector store of past attacks, and canary tokens to catch attempts to subvert an LLM application.
Detoxify★ 1.3kPretrained transformer models from Unitary that score text for toxicity, insults, threats, and hate speech, often used to moderate LLM inputs and outputs.
Vigil★ 482A Python library and REST API that scans LLM prompts and responses with YARA rules, transformer classifiers, and vector similarity to flag prompt injections and jailbreaks.