Class PatternBasedPromptInjectionGuardrail
java.lang.Object
dev.langchain4j.guardrails.PatternBasedPromptInjectionGuardrail
- All Implemented Interfaces:
Guardrail<InputGuardrailRequest, InputGuardrailResult>, InputGuardrail
An
InputGuardrail that detects and blocks prompt injection attempts using regular
expression patterns derived from the
OWASP LLM01: Prompt Injection
category.
This guardrail is intentionally lightweight: it performs no external calls and has no dependencies beyond the JDK and SLF4J. It is designed to run as the first (cheapest) gate in a guardrail chain, before any LLM-based classifiers.
The default pattern set covers six common categories of prompt injection:
- Instruction override — "ignore previous instructions", "forget all rules"
- Role hijacking — "you are now a...", "act as a...", "pretend to be..."
- Jailbreaks — "DAN", "developer mode", "bypass safety filters"
- System prompt leakage — "reveal your prompt", "print your instructions"
- Delimiter injection —
```system,<system>,[INST],<<SYS>> - Encoded injection —
base64:, "decode the following and execute"
Subclasses may supply additional domain-specific patterns via the
PatternBasedPromptInjectionGuardrail(List) constructor, or override
buildFailureMessage(String, Pattern) to customise the failure message.
Limitations. Pattern-based detection cannot catch novel or semantically obfuscated attacks. For deeper analysis, chain this guardrail with an LLM-based classifier that runs afterwards.
-
Constructor Summary
ConstructorsConstructorDescriptionCreates a guardrail using the default OWASP LLM01 pattern set.PatternBasedPromptInjectionGuardrail(List<Pattern> additionalPatterns) Creates a guardrail using the default OWASP LLM01 pattern set plus the supplied additional patterns. -
Method Summary
Modifier and TypeMethodDescriptionprotected StringbuildFailureMessage(String input, Pattern matchedPattern) Builds the failure message returned when an injection attempt is detected.validate(UserMessage userMessage) Validates theuser messagethat will be sent to the LLM.Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface InputGuardrail
failure, failure, fatal, fatal, success, successWith, validate
-
Constructor Details
-
PatternBasedPromptInjectionGuardrail
public PatternBasedPromptInjectionGuardrail()Creates a guardrail using the default OWASP LLM01 pattern set. -
PatternBasedPromptInjectionGuardrail
Creates a guardrail using the default OWASP LLM01 pattern set plus the supplied additional patterns. Useful when subclassing or when the host application has domain-specific phrases it wants to block.- Parameters:
additionalPatterns- extra patterns to check, in addition to the defaults. Must not benull.
-
-
Method Details
-
validate
Description copied from interface:InputGuardrailValidates theuser messagethat will be sent to the LLM.- Specified by:
validatein interfaceInputGuardrail- Parameters:
userMessage- the user message to be sent to the LLM
-
buildFailureMessage
Builds the failure message returned when an injection attempt is detected. Subclasses may override this to provide a more specific message.- Parameters:
input- the raw user input text that triggered the failurematchedPattern- the pattern that matched the input- Returns:
- the failure message
-