
Defending Against Prompt Injection

Salvatan
November 15, 2024
9 min read

Prompt injection is the SQL injection of LLM systems. Unlike SQLi, there is no perfect fix - only layers of defense.

Attack Vectors

  • Direct injection (user input overrides system prompt)
  • Indirect injection (malicious content in retrieved docs)
  • Goal hijacking (user convinces model to ignore instructions)

Defense Layers

1. Input sanitization (detect and strip injection attempts)
2. Prompt structure (use XML tags, clear role separation)
3. Output validation (does response match expected schema?)
4. Least privilege (limit tool access)
5. Monitoring (alert on unexpected behavior)

Testing

PromptOps includes a safety pack with 200+ injection attempts. Run it on every prompt version. Track your defense rate over time.
