Skip to content

Injection & PII Auditor

The Injection Auditor (lucid-guardrails-auditor) is a comprehensive security node that detects prompt injection attacks, jailbreak attempts, and Personal Identifiable Information (PII) like SSNs, emails, and credit card numbers.

πŸ›‘οΈ Use Case

  • Prompt Injection Defense: Block OWASP LLM Top 10 #1 attacks including jailbreaks and instruction override attempts.
  • Regulatory Compliance: Enforce GDPR, CCPA, and HIPAA compliance by ensuring PII never reaches the model.
  • Data Leakage Prevention: Automatically detect and block sensitive identifiers in prompts.

πŸ“ Implementation

This auditor hooks into the Request phase to block malicious inputs before they reach the model.

import re
from lucid_sdk import create_auditor, Proceed, Deny, Warn

builder = create_auditor(auditor_id="lucid-guardrails-auditor")

# PII Patterns
SSN_PATTERN = re.compile(r'\b\d{3}-\d{2}-\d{4}\b')
EMAIL_PATTERN = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b')

# Injection Patterns
INJECTION_PATTERNS = [
    "ignore all previous instructions",
    "disregard the above",
    "system prompt:",
    "you are now",
]

@builder.on_request
def check_injection_and_pii(data: dict, config: dict = None, lucid_context: dict = None):
    prompt = data.get("prompt", "")
    prompt_lower = prompt.lower()

    # Check for prompt injection
    for pattern in INJECTION_PATTERNS:
        if pattern in prompt_lower:
            return Deny(reason=f"Prompt injection detected: {pattern}")

    # Check for high-sensitivity PII (SSN)
    if SSN_PATTERN.search(prompt):
        return Deny(reason="High-sensitivity PII (SSN) detected in request")

    # Check for low-sensitivity PII (email) - warn but allow
    if EMAIL_PATTERN.search(prompt):
        return Warn(reason="Email address detected in request", pii_type="email")

    return Proceed(safety_score=1.0)

auditor = builder.build()

☸️ Deployment Configuration

Add this to your auditors.yaml:

chain:
  - name: lucid-guardrails-auditor
    image: "lucid-guardrails-auditor:latest"
    script: lucid-guardrails-auditor/main.py
    port: 8090
    env:
      INJECTION_THRESHOLD: "0.8"
      INJECTION_BLOCK_ON_DETECTION: "true"

πŸ” Behavior

  • Injection Detection: If a user types "Ignore all previous instructions", the auditor returns DENY, and the model is never invoked.
  • PII Blocking: If a user types "My SSN is 123-45-6789", the auditor returns DENY.
  • PII Warning: If a user includes an email address, the auditor returns WARN but allows the request to proceed.