Principle:Protectai Llm guard Prompt Scanning
| Knowledge Sources | |
|---|---|
| Domains | NLP, Security, Input_Validation |
| Last Updated | 2026-02-14 12:00 GMT |
Overview
A sequential pipeline pattern that sanitizes user prompts by applying a configurable chain of security scanners before they reach a Large Language Model.
Description
Prompt scanning is the process of running user input through one or more security scanners to detect and mitigate risks such as prompt injection, PII leakage, toxic content, and secrets exposure. Each scanner in the pipeline receives the (possibly modified) prompt from the previous scanner and returns a sanitized version along with validity and risk score indicators. The pipeline supports an optional fail-fast mode that stops execution at the first failing scanner.
This principle is library-agnostic: any system that sequentially applies a list of input validators to text before sending it to an LLM implements prompt scanning.
Usage
Use this principle when building any application that accepts user-generated text as input to an LLM. It is the first line of defense against adversarial inputs, accidental PII disclosure, and policy-violating content. The sequential pipeline design allows composing scanners in priority order and short-circuiting on critical failures.
Theoretical Basis
The core algorithm is a sequential filter chain:
# Pseudocode for prompt scanning pipeline
sanitized = prompt
for scanner in scanners:
sanitized, is_valid, risk_score = scanner.scan(sanitized)
results[scanner.name] = (is_valid, risk_score)
if fail_fast and not is_valid:
break
return sanitized, results
Each scanner implements a common interface: scan(prompt: str) -> (str, bool, float) where the returned string is the (possibly modified) prompt, the boolean indicates validity, and the float is a risk score in [0, 1] (or -1 for no risk).