Class PatternBasedPromptInjectionGuardrail

java.lang.Object
dev.langchain4j.guardrails.PatternBasedPromptInjectionGuardrail
All Implemented Interfaces:
Guardrail<InputGuardrailRequest, InputGuardrailResult>, InputGuardrail

public class PatternBasedPromptInjectionGuardrail extends Object implements InputGuardrail
An InputGuardrail that detects and blocks prompt injection attempts using regular expression patterns derived from the OWASP LLM01: Prompt Injection category.

This guardrail is intentionally lightweight: it performs no external calls and has no dependencies beyond the JDK and SLF4J. It is designed to run as the first (cheapest) gate in a guardrail chain, before any LLM-based classifiers.

The default pattern set covers six common categories of prompt injection:

  • Instruction override — "ignore previous instructions", "forget all rules"
  • Role hijacking — "you are now a...", "act as a...", "pretend to be..."
  • Jailbreaks — "DAN", "developer mode", "bypass safety filters"
  • System prompt leakage — "reveal your prompt", "print your instructions"
  • Delimiter injection```system, <system>, [INST], <<SYS>>
  • Encoded injectionbase64:, "decode the following and execute"

Subclasses may supply additional domain-specific patterns via the PatternBasedPromptInjectionGuardrail(List) constructor, or override buildFailureMessage(String, Pattern) to customise the failure message.

Limitations. Pattern-based detection cannot catch novel or semantically obfuscated attacks. For deeper analysis, chain this guardrail with an LLM-based classifier that runs afterwards.

  • Constructor Details

    • PatternBasedPromptInjectionGuardrail

      public PatternBasedPromptInjectionGuardrail()
      Creates a guardrail using the default OWASP LLM01 pattern set.
    • PatternBasedPromptInjectionGuardrail

      public PatternBasedPromptInjectionGuardrail(List<Pattern> additionalPatterns)
      Creates a guardrail using the default OWASP LLM01 pattern set plus the supplied additional patterns. Useful when subclassing or when the host application has domain-specific phrases it wants to block.
      Parameters:
      additionalPatterns - extra patterns to check, in addition to the defaults. Must not be null.
  • Method Details

    • validate

      public InputGuardrailResult validate(UserMessage userMessage)
      Description copied from interface: InputGuardrail
      Validates the user message that will be sent to the LLM.

      Specified by:
      validate in interface InputGuardrail
      Parameters:
      userMessage - the user message to be sent to the LLM
    • buildFailureMessage

      protected String buildFailureMessage(String input, Pattern matchedPattern)
      Builds the failure message returned when an injection attempt is detected. Subclasses may override this to provide a more specific message.
      Parameters:
      input - the raw user input text that triggered the failure
      matchedPattern - the pattern that matched the input
      Returns:
      the failure message