Prompt Injection
Prompt injection is an attack where crafted input tricks an LLM into ignoring its instructions or leaking data.
Last updated:
Prompt injection is the class of attack in which a user — or content the model reads, in the indirect variant — smuggles instructions into an LLM's input to override its system prompt. The goal might be to make the model ignore its guardrails, reveal a hidden system prompt, or exfiltrate data it can see. Because LLMs treat instructions and data as the same stream of text, this is a fundamental risk for any AI feature that accepts untrusted input.
Behest includes Sentinel, an automatic prompt-injection defense. It matches requests against multiple detection patterns for common jailbreak and injection techniques, plus per-project custom blocklists, and runs in three modes: disabled, shadow (log detected attempts), and enforce (block them). Detection happens before the request reaches the LLM.
Defense in depth
Sentinel is one layer, not a silver bullet. It pairs with PII scrubbing (so a successful injection cannot leak sensitive data that never reached the model in the first place), model allowlists, and the audit trail — so attempts are recorded even when they are blocked, giving security teams the evidence they need.
Frequently asked questions
How do I protect my app from prompt injection?
Behest includes Sentinel, an automatic prompt injection defense system. It uses multiple detection patterns to identify common jailbreak techniques, plus custom blocklists per project. Sentinel operates in three modes: disabled, shadow (log detected attacks), and enforce (block malicious prompts). All detection happens before the request reaches the LLM.