Drop-in Python library that scans prompts through 8 detection layers and catches 17 attack vectors in under 1ms. Zero dependencies.
Every prompt is scanned through a multi-stage pipeline. Each layer catches what others miss.
70+ regex signatures across 9 categories detect role hijacks, delimiter escapes, jailbreaks, and tool abuse.
Multi-persona patterns, instruction sandwiches, role stacking, invisible Unicode, and token stuffing.
Shannon entropy + multi-format decoder catches base64, hex, ROT13, and Unicode encoded payloads.
5-category keyword scoring detects system manipulation, code execution, data exfiltration, and social engineering.
Zero-width character markers verify the model hasn't been hijacked mid-conversation.
Tracks conversation history for boiling-frog escalation, sudden spikes, and multi-vector probing.
Embedded content scanner for HTML comments, hidden divs, markdown images, data URIs, and JSON fields.
Unicode analysis for homoglyphs (Cyrillic/Greek), leetspeak, reversed text, mixed scripts, spaced characters.
Drop in, scan, decide. That's it.
from prompt_armor import analyze # Scan user input before it reaches your LLM verdict = analyze(user_input) if verdict.threat_level in ("hostile", "critical"): return "⚠️ Blocked — injection detected" # Safe to forward to LLM response = llm.chat(user_input)
Scan prompts from terminal, files, or stdin. Returns exit code 1 for hostile+ threats.
$ prompt-armor scan "Ignore all previous instructions" Risk Score: 88.2/100 Threat Level: CRITICAL Input Hash: f6a4446ff0131378... Findings (3): ⚠ lexical [ROLE_HIJACK] Matched role_hijack signature at position 0 (95%) ⚠ lexical [DATA_EXFILTRATION] Matched data_exfiltration signature at position 37 (85%) ⚠ semantic [INSTRUCTION_OVERRIDE] Semantic alignment with system_manipulation (62%) $ prompt-armor scan --json "Hello, how are you?" { "risk_score": 0, "threat_level": "clean", "findings": [] } $ prompt-armor bench Average: 0.22ms/scan Throughput: 4,632 scans/sec
Whether you're building a chatbot or a production AI pipeline, Prompt Armor drops in.
Scan every user message before it reaches your LLM. Block jailbreaks, role hijacks, and prompt leaks in real-time.
Add as middleware in your AI chain. Filter RAG inputs, tool calls, and agent responses.
Deploy as an API gateway between users and your AI models. Enforce security policies at scale.
Scan prompt templates and test fixtures in CI. Fail builds if injection vectors are detected.
Audit existing prompt libraries for vulnerabilities. Generate compliance reports with threat scores.
Use the built-in bench and 17 vector definitions to test your own LLM's resilience to attacks.
Spin up a hosted scanning service with one command. Built on FastAPI.
$ prompt-armor server --port 8080 🛡️ Prompt Armor API v2.0 Docs: http://localhost:8080/docs Scan: POST /v1/scan Batch: POST /v1/scan/batch
$ curl -X POST http://localhost:8080/v1/scan \ -H "X-API-Key: pa_pro_xxx" \ -H "Content-Type: application/json" \ -d '{"text": "Ignore previous instructions"}' { "risk_score": 88.2, "threat_level": "critical", "findings": [...], "scan_time_ms": 0.22, "tier": "pro" }
Start free. Scale when you need to.
Pure Python, zero dependencies. Integrates with anything.
pip install, import, done. No C extensions or heavy deps.
Built-in API server with OpenAPI docs, CORS, auth, and rate limiting.
Drop in as custom tool or chain middleware. Filter before & after LLM calls.
Ship as a sidecar container. Scan at the network edge.
CI/CD prompt scanning. Fail builds on hostile prompt templates.
AWS Lambda, GCP Functions, Azure — deploy anywhere Python runs.
One pip install. Three lines of code. Eight layers of defense.