Secure LLM Agents with Two-Stage Prompt Injection Detection

Fast & Accurate Prompt Injection Detection API

ZooClaw’s security layer utilizes a specialized API to defend autonomous agents from malicious instructions during tool execution and web browsing. The system leverages a two-stage architecture that processes 95 percent of requests via a fast DeBERTa-v3-large classifier in under 10ms.

Why This Matters

Prompt injection is ranked the primary security risk for LLM applications by the OWASP Top 10 for LLMs. As agents gain the ability to browse the web and execute code, a single injected instruction can escalate from a text trick to a critical security incident like data exfiltration. Static rules cannot keep up with semantic adversarial creativity, requiring dedicated low-latency classifiers like DeBERTa-v3-large to sit in the critical path of every LLM call and prevent unauthorized tool access.

Key Insights

• Two-stage architecture: A 0.4B parameter DeBERTa-v3-large model handles initial classification in under 10ms, while a 122B LLM provides deliberation for high-risk cases.
• Performance benchmarking: The system achieved a 0.972 F1 score on English samples, outperforming GPT-4o’s 0.938 F1 score and ProtectAI v2’s 0.912 (2026).
• Fail-closed design: The API defaults to blocking if errors, timeouts, or parse failures occur, ensuring no unclassified text influences agent behavior.
• Exfiltration protection: Targeted detection of sophisticated attacks including markdown image tags and JSON environment variable dumps.
• Multilingual support: Trained and evaluated on datasets across seven languages including Korean, Japanese, and French to secure global RAG pipelines.

Working Examples

Basic Python implementation of the injection guard.

import httpx; def check_injection(text): resp = httpx.post('https://api.apiclaw.io/openapi/v2/model/prompt-injection-detect', headers={'Authorization': 'Bearer YOUR_KEY'}, json={'text': text}, timeout=10.0); data = resp.json()['data']; return data['isInjection']

TypeScript fetch implementation for Next.js API route guards.

async function checkInjection(text: string) { const res = await fetch('https://api.apiclaw.io/openapi/v2/model/prompt-injection-detect', { method: 'POST', headers: { Authorization: 'Bearer KEY', 'Content-Type': 'application/json' }, body: JSON.stringify({ text }) }); return res.json(); }

Practical Applications

• RAG Pipeline Filtering: Scan retrieved documents from external wikis or databases before prompt construction to prevent indirect injection. Pitfall: Relying on system prompts to ignore malicious data.
• Agentic Tool Access: Guard models with code execution or API capabilities to prevent hijacked instructions. Pitfall: Allowing tool outputs to bypass security layers.
• Multi-tenant SaaS: Isolate user inputs to prevent cross-user data leakage or system prompt disclosure. Pitfall: Shared LLM context without input classification.

References:

• https://dev.to/kerrigan_k_106f56de5ab4f4/fast-accurate-prompt-injection-detection-api-apf
• https://api.apiclaw.io/openapi/v2/model/prompt-injection-detect