Lakera runs a small classifier that has been trained on known jailbreak patterns (DAN, roleplay escapes, encoding tricks). It scores the input and lets you block or warn below a threshold. Combine it with Presidio: Presidio keeps PII out; Lakera keeps malicious prompts out.
security_service.sanitize() calls LakeraGuard(api_key=…) before any LLM call.
Threshold 0.85 returns a “rejected” response; otherwise proceed with scrubbed input.
Add a local regex fallback for known obfuscation patterns in case Lakera is down (graceful degradation).
user_msg -> Presidio -> Lakera -> safe_msg -> LLM
(Lakera rejects jailbreaks; Presidio redacts PII)
Defense in depth — Presidio for PII, Lakera for jailbreaks, both before the LLM.