Skip to Content

How does Lakera detect prompt-injection attempts?

Category: Security & Compliance

Answer

Lakera runs a small classifier that has been trained on known jailbreak patterns (DAN, roleplay escapes, encoding tricks). It scores the input and lets you block or warn below a threshold. Combine it with Presidio: Presidio keeps PII out; Lakera keeps malicious prompts out.

Concrete examples from the fca project context

Example 1

security_service.sanitize() calls LakeraGuard(api_key=…) before any LLM call.

Example 2

Threshold 0.85 returns a “rejected” response; otherwise proceed with scrubbed input.

Example 3

Add a local regex fallback for known obfuscation patterns in case Lakera is down (graceful degradation).

Data flow / flow chart

user_msg -> Presidio -> Lakera -> safe_msg -> LLM
  (Lakera rejects jailbreaks; Presidio redacts PII)

Takeaway

Defense in depth — Presidio for PII, Lakera for jailbreaks, both before the LLM.