Prompt Injection
Defense
Prompt injection is the #1 attack vector against AI agents. OnLeash deploys multi-layer semantic firewalls that detect and block injection attempts before they reach your agent logic. Every layer operates independently. No single bypass defeats the stack.
Attack Vectors We Stop
Five categories of prompt injection. Each with a specific defense mechanism.
Direct Prompt Injection
Adversarial instructions embedded in user inputs that override the agent's system prompt.
Input sanitization strips known injection patterns. Semantic analysis scores intent divergence. High-divergence inputs are blocked before reaching the agent.
Indirect Prompt Injection
Malicious instructions hidden in external data sources the agent processes during task execution.
Output validation checks agent actions against expected behavior profiles. Anomalous action sequences triggered by external data are flagged and blocked.
Jailbreak Attempts
Carefully crafted prompts that bypass the model's safety guardrails and extract forbidden capabilities.
Behavioral fingerprinting detects when agent outputs diverge from established profiles. Deviations trigger escalation or kill switch.
Tool Abuse via Injection
Payloads that manipulate the agent into calling dangerous tools — shell commands, sensitive files, or data exfiltration.
Every tool call routes through the governance middleware. Policy rules restrict tool access with parameter-level validation. Unauthorized use blocked deterministically.
Multi-Turn Manipulation
Gradual injection spread across multiple turns to avoid single-turn detection. Slowly escalating toward a malicious goal.
Session-level behavioral analysis tracks cumulative intent drift. Circuit breakers trip when aggregate risk exceeds thresholds.
Six Defense Layers
Defense-in-depth. Each layer is independent. Compromising one layer does not weaken the others.
Input Sanitization
Known injection patterns stripped at the edge before reaching the governance engine.
Semantic Analysis
Intent classification scores each input against expected interaction patterns. High-divergence inputs trigger ESCALATE or DENY.
Policy Enforcement
Deterministic policy engine evaluates every agent action. Tool restrictions, parameter validation, rate limits. All independent of the LLM.
Behavioral Monitoring
Continuous comparison of agent behavior against its behavioral profile. Anomaly detection surfaces drift from baselines.
Output Validation
Post-action verification checks that agent outputs match expected patterns. PII detection prevents data exfiltration.
Kill Switch
When all else fails, sub-8ms kill switches halt the agent immediately. Forensic snapshot preserves evidence.
Why LLM Guardrails Aren't Enough
Most prompt injection defenses operate at the model layer — prompt filtering, output classifiers, safety fine-tuning. These are necessary but insufficient for AI agents.
AI agents don't just generate text. They execute actions: file writes, API calls, shell commands, database queries. A successful injection doesn't just produce bad text — it produces bad actions with real-world consequences.
OnLeash operates at the action layer. Even if an injection bypasses the model's safety guardrails, the governance middleware evaluates every resulting action against deterministic policies. The action is blocked before execution.
Stop Prompt Injection at the Action Layer
Free tier includes semantic firewall. 1 agent, 1,000 intercepts/month.
Deploy Semantic Firewall