**Multi-Layer Prompt Injection Defense System**
Sign in to like and favorite skills
Multi-Layer Prompt Injection Defense System
Day 7 of 30 AI Projects in 30 Days
PromptArmor implements defense-in-depth for LLM applications. Because when it comes to prompt injection, no single technique is foolproof.
pip install promptarmor
from promptarmor import PromptArmor, ArmorConfig # Create armored assistant armor = await PromptArmor.create( ArmorConfig( system_prompt="You are a helpful shopping assistant.", strict_mode=True, ) ) # Process user input safely response = await armor.process("What products do you have?") if response.detection_result.is_safe: print(response.final_response) else: print(f"Blocked: {response.detection_result.block_reason}")
Hidden tripwires that detect when an attacker has extracted system information.
Pattern matching + embedding similarity to detect known attack structures.
Normalizes Unicode, decodes Base64/URL encoding, removes invisible characters.
Measures if response "drifted" from expected behavior using embeddings.
A second model evaluates if the response was compromised.
Cryptographic-style compliance markers that prove instructions were followed.
# Test an input python cli.py test "Ignore all previous instructions" # Interactive protection mode python cli.py protect --system-prompt "You are a helpful assistant" # Run red team assessment python cli.py redteam --attacks 100 # Play the escape room python cli.py game
from promptarmor import PromptArmor from promptarmor.attacks import RedTeamSimulator armor = await PromptArmor.create() simulator = RedTeamSimulator() report = await simulator.run(armor) report.print_summary() # Defense success rate: 94.2% # Vulnerabilities: Weak against encoding_bypass attacks (3 successful)
User Input │ ▼ ┌─────────────────┐ │ Sanitizer │ → Normalize, decode, clean └────────┬────────┘ │ ▼ ┌─────────────────┐ │ Classifier │ → Pattern + embedding detection └────────┬────────┘ │ ▼ ┌─────────────────┐ │ Main LLM │ → With canary tokens └────────┬────────┘ │ ▼ ┌─────────────────┐ │ Drift Detection │ → Semantic similarity check └────────┬────────┘ │ ▼ ┌─────────────────┐ │ Judge Layer │ → LLM evaluates for compromise └────────┬────────┘ │ ▼ ┌─────────────────┐ │ Signature Check │ → Verify compliance marker └────────┬────────┘ │ ▼ Safe Response (or blocked)
MIT
Francisco Perez - Day 7 of 30 AI Projects in 30 Days
