LLM Security Guardrails Lab: Building a Testable AI Security Defense Baseline

A lightweight lab project for experimenting with and testing large language model (LLM) security guardrails, providing prompt injection detection, sensitive information desensitization, and a deterministic testing framework to help developers establish verifiable AI security defense mechanisms.

Many current "security solutions" on the market are often limited to conceptual promotion and lack verifiable implementations. The LLM-Security-Guardrails-Lab project clearly positions itself as an educational/experimental security lab rather than a production-grade firewall. This honest positioning makes it an excellent starting point for understanding LLM security protection mechanisms.

The project's core goal is to demonstrate the difference between "testable defense engineering" and "security theater"—establishing a truly trustworthy security baseline through deterministic control logic, clear detection reasons, and test-based verification methods.

The project currently implements the following key capabilities:

This feature adopts a conservative strategy to identify and desensitize simple sensitive value patterns, including common credential formats such as API keys, passwords, and Bearer tokens. This preprocessing can effectively reduce the risk of accidental leakage of sensitive information through user input.

This is the project's core detection engine, capable of identifying multiple typical prompt injection attack patterns:

• Instruction Override Attempt: Detects typical injection phrases like "ignore previous instructions"
• System Prompt Theft: Identifies requests asking the model to leak system-level instructions
• Dangerous Tool Calls: Marks inputs containing dangerous operations such as shell execution and code injection

The detection result includes three key fields: blocked (whether intercepted), reasons (list of interception reasons), and sanitized_prompt (sanitized prompt), providing complete information for subsequent processing.

For scenarios requiring processing of multiple inputs, the project provides a batch detection interface, maintaining deterministic detection behavior while improving processing efficiency.

The project is implemented in Python with a clear and concise code structure:

• src/guardrails.py: Core guardrail logic and decision model
• tests/test_prompt_injection.py: Repeatable prompt security test cases
• .github/workflows/ci.yml: Continuous integration pipeline

The design philosophy emphasizes transparency and testability. Detection rules are based on explicit pattern matching rather than black-box models, which makes security behavior understandable, auditable, and verifiable.

The project has established a pytest-based testing framework, currently covering:

• Desensitization of obvious key-like strings
• Safe passage of normal prompts
• Detection of instruction override language
• Identification of tool abuse language

This test-driven approach ensures the predictability of guardrail behavior and provides regression protection for subsequent iterations.