Prompt Injection
Blocks instruction override, system-prompt leak, and roleplay escapes. Plus 52 multilingual patterns across 16 language codes.
Nine ship-ready security layers chain into a single GuardrailEngine that catches prompt injection, jailbreaks, secret leaks, PII, and command injection across 43 framework, LLM, agent, RAG, and memory integrations.
Pattern-based detection — no LLM-in-the-loop tax, no second model to run. Every verdict is reproducible.
Validators run in-process. No network hop, no rate limit, no provider outage to cascade.
Prompts never leave your process. Zero analytics endpoints, zero remote config fetches, zero opt-out checkbox needed.
Express, Fastify, Next.js, OpenAI, Anthropic, LangChain, ElizaOS, MCP — wire it once, protect everywhere.
Each layer is a named module under packages/core/src. Chain them, swap them, override them. Every call leaves a tamper-evident trace.
Blocks instruction override, system-prompt leak, and roleplay escapes. Plus 52 multilingual patterns across 16 language codes.
Catches DAN, social engineering, adversarial framings, and persona attacks.
Decodes base64, hex, leetspeak, and HTML-comment smuggling before scanning.
Spots context-overflow and delimiter abuse used to pivot tool calls.
Detects SSN, email, phone, addresses across US, EU, and international formats.
Flags 37 leaked-credential types — API keys, AWS creds, GitHub tokens, JWT, OpenAI sk-proj-* (post-2024), Mailgun, and more.
Strips reflected XSS, DOM-based payloads, and svg/script smuggles.
Blocks command-injection patterns in shell-execution tool calls.
Chunk-level inspection of LLM streams. Cuts off mid-flight if a layer trips.
A typical wallet-drain attempt hits the engine at step 1, gets pattern-matched at step 3, and the rest of the chain never runs. Open the ElizaOS demo for the full receipt.
43 integration packages cover frameworks, LLM providers, agent runtimes, RAG stores, memory, sandboxes, and bridges. Auto-detection in the install wizard wires the right pieces in seconds.
HTTP layers that mount BonkLM as middleware on the inbound request.
Wrap a model client so prompts and completions pass through the engine.
Validators + guards at every agent step — tool calls, retrieved docs, memory writes.
Inspect retrieved documents before they reach the model prompt.
Guard long-term agent memory against poisoning and PII leakage.
Adapters into other security frameworks and protocols.
One install, one import, one guard. The rest is configuration.
We ran a stock ElizaOS agent with plugin-solana against five attack variants on devnet. One drained the wallet on every model that ran it. BonkLM swings on the same flow at the tool_call surface — read the full breakdown with the on-chain receipt.