First Line of Defense

AI API Proxy
Input Sanitization

Clean and validate user inputs before they reach your AI models. Prevent injection attacks, remove malicious patterns, and ensure data quality.

🛡️

Injection Prevention

🔤

Encoding Normalization

📏

Length Limits

🧹

Data Cleaning

Sanitization Types

Comprehensive input cleaning for secure AI interactions

💉

Injection Prevention

Detect and neutralize SQL, XSS, and command injection attempts.

'; DROP TABLE-- [removed]

🔤

Encoding Normalization

Normalize Unicode, URL encoding, and character representations.

%3Cscript%3E <script>

Ｈｅｌｌｏ Hello

📏

Length & Size Limits

Enforce maximum sizes for prompts, messages, and attachments.

100k+ chars truncated to 8k

50MB file rejected

🎭

Prompt Injection

Detect attempts to manipulate AI behavior through prompts.

Ignore previous instructions [flagged]

System: You are now... [sanitized]

🔒

PII Redaction

Remove or mask personally identifiable information.

john@email.com [REDACTED]

4111-1111-1111 ****-****-1111

🧪

Content Filtering

Block prohibited content, hate speech, and malicious patterns.

[hate speech] [blocked]

[adult content] [rejected]

Sanitization Pipeline

Multi-stage cleaning process for comprehensive protection

Decode & Normalize

URL decode, Unicode normalize, convert character encodings

↓

Pattern Detection

Scan for injection patterns, malicious code, prohibited content

↓

Content Filter

Apply content policy rules, PII detection, and filtering

↓

Transform & Clean

Escape special characters, truncate to limits, redact PII

↓

Output Validation

Final check before forwarding to AI backend

Implementation Examples

Code samples for input sanitization

                        
                            🧹 Sanitize Function
                        
                        JavaScript
                    

// Input sanitization middleware
function sanitizeInput(input) {
  let sanitized = input;
  
  // 1. Normalize Unicode
  sanitized = sanitized.normalize('NFKC');
  
  // 2. Remove null bytes
  sanitized = sanitized.replace(/\0/g, '');
  
  // 3. Escape HTML entities
  sanitized = sanitized
    .replace(/&/g, '&')
    .replace(/, '<')
    .replace(/>/g, '>');
  
  // 4. Truncate to max length
  const MAX_LEN = 8192;
  if (sanitized.length > MAX_LEN) {
    sanitized = sanitized.substring(0, MAX_LEN);
  }
  
  return sanitized;
}
                    

                        
                            🛡️ Injection Detection
                        
                        Python
                    

import re

def detect_injection(text):
    """Detect common injection patterns"""
    patterns = [
        # SQL Injection
        r"(\'|\"|;|--|\/\*|\*\/)",
        r"(union|select|insert|delete|drop)",
        
        # XSS
        r"]*>.*?",
        r"javascript:",
        
        # Command Injection
        r"[;&|`$(){}]",
        
        # Prompt Injection
        r"ignore (previous|all) instructions",
        r"system:\s*you are",
    ]
    
    for pattern in patterns:
        if re.search(pattern, text, re.I):
            return True  # Injection detected!
    
    return False
                    

Sanitization Rules

Configure rules for different attack vectors

💉 SQL Injection Patterns

' OR '1'='1 Block

; DROP TABLE Block

UNION SELECT Block

-- comment Remove

🎭 Prompt Injection Patterns

Ignore previous instructions Flag

System: You are now Sanitize

Disregard all above Flag

[INST]...[/INST] Escape

🔒 PII Detection Patterns

\b[\w.-]+@[\w.-]+\.\w+ Redact

\b\d{4}[-\s]?\d{4}[-\s]?\d{4} Mask

\b\d{3}-\d{2}-\d{4} Redact

\b\+?\d{1,3}[-.\s]?\d{10,15} Mask

AI API ProxyInput Sanitization

Sanitization Types

Sanitization Pipeline

Implementation Examples

Sanitization Rules

AI API Proxy
Input Sanitization