Cawght
Cawght/PromptLock
Open Source — MIT License

Stop prompt injections
in under 10ms

PromptLock is an open-source engine that sanitizes, detects, and blocks prompt injection attacks before they reach your LLM.

GoPyPInpm
View on GitHub

Try breaking it — type a prompt injection below ↓

Try it live

Send a prompt to an LLM — toggle the shield to see the difference.

Shield ON

Enter a prompt or click an example above.

Defense-in-depth for LLM apps

Jailbreaks, instruction override, system prompt extraction, encoded payloads, PII leaks — blocked before they reach the model.

70+ Attack Patterns

Jailbreaks, instruction override, prompt leaks, token smuggling, context overflow.

Vector Similarity

200 embedded attack samples. Catches paraphrased attacks no regex can match.

PII Redaction

Email, phone, credit card (Luhn), SSN, API keys — redacted before reaching the LLM.

Security Delimiters

Randomized XML tags separate trusted instructions from untrusted user data.

Unicode Normalization

NFKC normalization blocks homoglyph attacks. Invisible char stripping. Base64/Hex decoding.

Shadow LLM Judge

Optional local model classifies novel attacks that bypass pattern matching.

Choose your security level

More layers catch more attacks — but add latency. You choose the tradeoff.

Basic

~3ms
Unicode sanitization
High + Critical patterns only
PII redaction
Vector similarity
Delimiters
Judge LLM

Blocks only confirmed attacks (score ≥ 70). Fastest path for high-throughput apps.

Recommended

Balanced

~8ms
Unicode sanitization
All 71 patterns
PII redaction
Vector similarity
Delimiters
Judge LLM

Blocks likely attacks (score ≥ 40). Best balance of speed and coverage for most apps.

Aggressive

~300ms
Unicode sanitization
All 71 patterns
PII redaction
Vector similarity (200 embeddings)
Delimiters
Judge LLM (local model)

Blocks suspicious inputs (score ≥ 15). Maximum security. Requires Ollama for embeddings + judge.

For context: a typical LLM API call takes 500–3000ms. Even aggressive mode adds less latency than the LLM itself.

Quick start

Go
shield, _ := promptlock.New(
    promptlock.WithLevel(promptlock.Balanced),
    promptlock.WithRedactPII(true),
)

safe, err := shield.Protect(ctx, userInput)
if err != nil {
    // blocked — prompt injection detected
}
Python
from promptlock import Shield

shield = Shield(level="balanced", redact_pii=True)

safe = shield.protect(user_input)
clean = shield.verify_context(rag_chunks)
TypeScript
import { Shield } from '@hatchedland/prompt-lock';

const shield = new Shield({ level: 'balanced' });

const safe = shield.protect(userInput);
const clean = shield.verifyContext(ragChunks);

Wraps your search + LLM flow

Two lines to protect. One for the user query, one for the RAG context.

Python
def secure_search(query):
    safe_query = shield.protect(query)           # 1. protect input
    chunks = vector_db.query(safe_query)         # 2. search
    clean = shield.verify_context(chunks)        # 3. verify context
    return llm.generate(safe_query, clean)       # 4. generate

Open source. MIT license. Free forever.

Built by Cawght — AI-powered security testing for applications that need to enforce their own rules.

GitHub RepoGo Docs
Cawght

Also from us

Cawght — AI-powered business logic testing

Record your app, let AI find where the business rules break. Test for privilege escalation, IDOR, race conditions, and more.

Learn more