CRITICALCWE-77AI Security
Prompt Injection in AI App
Description
Your AI application does not sanitize user input for prompt injection attacks, allowing users to override system instructions.
How Vezraa Detects It
We send common prompt injection payloads (ignore previous instructions, DAN, etc.) and check if system prompts are bypassed.
Real-World Impact
Attackers can extract system prompts, bypass content filters, make your AI generate harmful content, or leak sensitive data from the prompt context.
Fix Example
// Use input guard layer
const sanitized = input.replace(/ignore (all )?previous instructions/i, '');
// Use structured output parsing
const response = await openai.chat.completions.create({
messages: [
{ role: 'system', content: systemPrompt },
{ role: 'user', content: `[SAFE_INPUT]: ${sanitized}` }
]
});Affected Stacks
OpenAIAnthropicLLM apps