Awesome-ChatGPT-Prompts/prompts/ai-persona/add_ai_protection_1628.md

---
title: "Add AI protection"
contributor: "@davidmytton"
tags: #ai-persona, #davidmytton
---

---
name: add-ai-protection
license: Apache-2.0
description: Protect AI chat and completion endpoints from abuse — detect prompt injection and jailbreak attempts, block PII and sensitive info from leaking in responses, and enforce token budget rate limits to control costs. Use this skill when the user is building or securing any endpoint that processes user prompts with an LLM, even if they describe it as "preventing jailbreaks," "stopping prompt attacks," "blocking sensitive data," or "controlling AI API costs" rather than naming specific protections.
metadata:
  pathPatterns:
    - "app/api/chat/**"
    - "app/api/completion/**"
    - "src/app/api/chat/**"
    - "src/app/api/completion/**"
    - "**/chat/**"
    - "**/ai/**"
    - "**/llm/**"
    - "**/api/generate*"
    - "**/api/chat*"
    - "**/api/completion*"
  importPatterns:
    - "ai"
    - "@ai-sdk/*"
    - "openai"
    - "@anthropic-ai/sdk"
    - "langchain"
  promptSignals:
    phrases:
      - "prompt injection"
      - "pii"
      - "sensitive info"
      - "ai security"
      - "llm security"
    anyOf:
      - "protect ai"
      - "block pii"
      - "detect injection"
      - "token budget"
---

# Add AI-Specific Security with Arcjet

Secure AI/LLM endpoints with layered protection: prompt injection detection, PII blocking, and token budget rate limiting. These protections work together to block abuse before it reaches your model, saving AI budget and protecting user data.

## Reference

Read https://docs.arcjet.com/llms.txt for comprehensive SDK documentation covering all frameworks, rule types, and configuration options.

Arcjet rules run **before** the request reaches your AI model — blocking prompt injection, PII leakage, cost abuse, and bot scraping at the HTTP layer.

## Step 1: Ensure Arcjet Is Set Up

Check for an existing shared Arcjet client (see `/arcjet:protect-route` for full setup). If none exists, set one up first with `shield()` as the base rule. The user will need to register for an Arcjet account at https://app.arcjet.com then use the `ARCJET_KEY` in their environment variables.

## Step 2: Add AI Protection Rules

AI endpoints should combine these rules on the shared instance using `withRule()`:

### Prompt Injection Detection

Detects jailbreaks, role-play escapes, and instruction overrides.

- JS: `detectPromptInjection()` — pass user message via `detectPromptInjectionMessage` parameter at `protect()` time
- Python: `detect_prompt_injection()` — pass via `detect_prompt_injection_message` parameter

Blocks hostile prompts **before** they reach the model. This saves AI budget by rejecting attacks early.

### Sensitive Info / PII Blocking

Prevents personally identifiable information from entering model context.

- JS: `sensitiveInfo({ deny: ["EMAIL", "CREDIT_CARD_NUMBER", "PHONE_NUMBER", "IP_ADDRESS"] })`
- Python: `detect_sensitive_info(deny=[SensitiveInfoType.EMAIL, SensitiveInfoType.CREDIT_CARD_NUMBER, ...])`

Pass the user message via `sensitiveInfoValue` (JS) / `sensitive_info_value` (Python) at `protect()` time.

### Token Budget Rate Limiting

Use `tokenBucket()` / `token_bucket()` for AI endpoints — the `requested` parameter can be set proportional to actual model token usage, directly linking rate limiting to cost. It also allows short bursts while enforcing an average rate, which matches how users interact with chat interfaces.

Recommended starting configuration:

- `capacity`: 10 (max burst)
- `refillRate`: 5 tokens per interval
- `interval`: "10s"

Pass the `requested` parameter at `protect()` time to deduct tokens proportional to model cost. For example, deduct 1 token per message, or estimate based on prompt length.

Set `characteristics` to track per-user: `["userId"]` if authenticated, defaults to IP-based.

### Base Protection

Always include `shield()` (WAF) and `detectBot()` as base layers. Bots scraping AI endpoints are a common abuse vector. For endpoints accessed via browsers (e.g. chat interfaces), consider adding Arcjet advanced signals for client-side bot detection that catches sophisticated headless browsers. See https://docs.arcjet.com/bot-protection/advanced-signals for setup.

## Step 3: Compose the protect() Call and Handle Decisions

All rule parameters are passed together in a single `protect()` call. Use this pattern:
Automated ingestion of prompt: Add AI protection 2026-06-06 20:44:25 +00:00			`---`
			`title: "Add AI protection"`
			`contributor: "@davidmytton"`
			`tags: #ai-persona, #davidmytton`
			`---`

			`---`
			`name: add-ai-protection`
			`license: Apache-2.0`
			description: Protect AI chat and completion endpoints from abuse — detect prompt injection and jailbreak attempts, block PII and sensitive info from leaking in responses, and enforce token budget rate limits to control costs. Use this skill when the user is building or securing any endpoint that processes user prompts with an LLM, even if they describe it as "preventing jailbreaks," "stopping prompt attacks," "blocking sensitive data," or "controlling AI API costs" rather than naming specific protections.
			`metadata:`
			`pathPatterns:`
			`- "app/api/chat/**"`
			`- "app/api/completion/**"`
			`- "src/app/api/chat/**"`
			`- "src/app/api/completion/**"`
			`- "/chat/"`
			`- "/ai/"`
			`- "/llm/"`
			`- "*/api/generate"`
			`- "*/api/chat"`
			`- "*/api/completion"`
			`importPatterns:`
			`- "ai"`
			`- "@ai-sdk/*"`
			`- "openai"`
			`- "@anthropic-ai/sdk"`
			`- "langchain"`
			`promptSignals:`
			`phrases:`
			`- "prompt injection"`
			`- "pii"`
			`- "sensitive info"`
			`- "ai security"`
			`- "llm security"`
			`anyOf:`
			`- "protect ai"`
			`- "block pii"`
			`- "detect injection"`
			`- "token budget"`
			`---`

			`# Add AI-Specific Security with Arcjet`

			`Secure AI/LLM endpoints with layered protection: prompt injection detection, PII blocking, and token budget rate limiting. These protections work together to block abuse before it reaches your model, saving AI budget and protecting user data.`

			`## Reference`

			`Read https://docs.arcjet.com/llms.txt for comprehensive SDK documentation covering all frameworks, rule types, and configuration options.`

			`Arcjet rules run before the request reaches your AI model — blocking prompt injection, PII leakage, cost abuse, and bot scraping at the HTTP layer.`

			`## Step 1: Ensure Arcjet Is Set Up`

			Check for an existing shared Arcjet client (see `/arcjet:protect-route` for full setup). If none exists, set one up first with `shield()` as the base rule. The user will need to register for an Arcjet account at https://app.arcjet.com then use the `ARCJET_KEY` in their environment variables.

			`## Step 2: Add AI Protection Rules`

			AI endpoints should combine these rules on the shared instance using `withRule()`:

			`### Prompt Injection Detection`

			`Detects jailbreaks, role-play escapes, and instruction overrides.`

			- JS: `detectPromptInjection()` — pass user message via `detectPromptInjectionMessage` parameter at `protect()` time
			- Python: `detect_prompt_injection()` — pass via `detect_prompt_injection_message` parameter

			`Blocks hostile prompts before they reach the model. This saves AI budget by rejecting attacks early.`

			`### Sensitive Info / PII Blocking`

			`Prevents personally identifiable information from entering model context.`

			- JS: `sensitiveInfo({ deny: ["EMAIL", "CREDIT_CARD_NUMBER", "PHONE_NUMBER", "IP_ADDRESS"] })`
			- Python: `detect_sensitive_info(deny=[SensitiveInfoType.EMAIL, SensitiveInfoType.CREDIT_CARD_NUMBER, ...])`

			Pass the user message via `sensitiveInfoValue` (JS) / `sensitive_info_value` (Python) at `protect()` time.

			`### Token Budget Rate Limiting`

			Use `tokenBucket()` / `token_bucket()` for AI endpoints — the `requested` parameter can be set proportional to actual model token usage, directly linking rate limiting to cost. It also allows short bursts while enforcing an average rate, which matches how users interact with chat interfaces.

			`Recommended starting configuration:`

			- `capacity`: 10 (max burst)
			- `refillRate`: 5 tokens per interval
			- `interval`: "10s"

			Pass the `requested` parameter at `protect()` time to deduct tokens proportional to model cost. For example, deduct 1 token per message, or estimate based on prompt length.

			Set `characteristics` to track per-user: `["userId"]` if authenticated, defaults to IP-based.

			`### Base Protection`

			Always include `shield()` (WAF) and `detectBot()` as base layers. Bots scraping AI endpoints are a common abuse vector. For endpoints accessed via browsers (e.g. chat interfaces), consider adding Arcjet advanced signals for client-side bot detection that catches sophisticated headless browsers. See https://docs.arcjet.com/bot-protection/advanced-signals for setup.

			`## Step 3: Compose the protect() Call and Handle Decisions`

			All rule parameters are passed together in a single `protect()` call. Use this pattern: