Input validation for prompt injection
Quick answer
Prevent prompt injection by applying strict input validation such as sanitizing user inputs, enforcing whitelists, and filtering out suspicious tokens before passing prompts to AI models. Use context-aware checks to detect and block attempts to manipulate the AI's instructions or behavior.
PREREQUISITES
Python 3.8+OpenAI API key (free tier works)pip install openai>=1.0
Setup
Install the openai Python package and set your API key as an environment variable to securely access the OpenAI API.
pip install openai>=1.0Step by step
This example demonstrates how to sanitize user input to prevent prompt injection by escaping or removing suspicious characters and keywords before sending the prompt to the AI model.
import os
import re
from openai import OpenAI
client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])
# Simple sanitizer to remove suspicious prompt injection patterns
# Removes common injection keywords and escapes quotes
def sanitize_input(user_input: str) -> str:
# Lowercase for keyword detection
lowered = user_input.lower()
# Block common injection keywords
blacklist = ["system", "assistant", "ignore previous", "disregard", "do not", "don't", "stop", "cancel"]
for word in blacklist:
if word in lowered:
user_input = re.sub(re.escape(word), "", user_input, flags=re.IGNORECASE)
# Escape quotes to prevent breaking out of prompt context
user_input = user_input.replace('"', '\\"').replace("'", "\\'")
return user_input
user_prompt = input("Enter your prompt: ")
safe_prompt = sanitize_input(user_prompt)
messages = [
{"role": "system", "content": "You are a helpful assistant."},
{"role": "user", "content": safe_prompt}
]
response = client.chat.completions.create(
model="gpt-4o-mini",
messages=messages
)
print("AI response:", response.choices[0].message.content) output
Enter your prompt: Tell me a joke. AI response: Why did the scarecrow win an award? Because he was outstanding in his field!
Common variations
You can enhance input validation by implementing:
- Whitelist filtering to allow only expected input patterns (e.g., alphanumeric and punctuation).
- Context-aware validation that detects attempts to override system instructions.
- Async API calls for scalable validation and response generation.
- Using different models like claude-3-5-sonnet-20241022 with similar validation logic.
import os
import re
import anthropic
client = anthropic.Anthropic(api_key=os.environ["ANTHROPIC_API_KEY"])
async def sanitize_and_query(user_input: str):
# Whitelist: allow only letters, numbers, spaces, and basic punctuation
safe_input = re.sub(r"[^a-zA-Z0-9 .,?!'-]", "", user_input)
system_prompt = "You are a helpful assistant."
messages = [{"role": "user", "content": safe_input}]
response = await client.messages.create(
model="claude-3-5-sonnet-20241022",
max_tokens=1024,
system=system_prompt,
messages=messages
)
return response.content[0].text
# Usage example (in async context):
# import asyncio
# print(asyncio.run(sanitize_and_query("Hello!")))Troubleshooting
If the AI returns unexpected or manipulated responses, verify your input validation logic is correctly removing or escaping injection attempts. Use logging to inspect raw user inputs and sanitized prompts. If you see errors related to malformed prompts, ensure escaping of quotes and special characters is consistent.
Key Takeaways
- Always sanitize and validate user inputs before including them in AI prompts to prevent injection attacks.
- Use both blacklist and whitelist approaches combined with escaping special characters for robust input validation.
- Context-aware filtering helps detect attempts to override system instructions or manipulate AI behavior.