How do I protect against LLM prompt injection?

Updated
Short answer

Three layers: input sanitization + Llama Guard 4 classification on input AND output + scope-bounded tools/egress. Securie's llm-safety crate ships all three.

Defense-in-depth: (1) sanitize user input + retrieved content before LLM context inject, (2) run Llama Guard 4 on both input + output classification, (3) scope-bound tools so the LLM can't fetch arbitrary URLs.

Production-tier boot refuses to start without LLAMA_GUARD_URL set in Securie's prod-boot contract.

People also ask

How do I prevent MCP prompt injection?
Three layers: pre-prompt-output sanitization, scope-bounded egress (only operator-allowed hosts), and Llama Guard 4 clas