PatternGuard¶
PatternGuard uses Aho-Corasick multi-pattern matching and regex for fast detection of prompt injection and jailbreak attempts.
Overview¶
| Property | Value |
|---|---|
| Latency | <1ms |
| Memory | 5 KB |
| Async | No |
| ML Required | No |
Features¶
- 30+ built-in attack patterns
- Custom pattern support
- Case-insensitive matching
- Multiple severity levels
- Zero runtime compilation (patterns compiled at init)
Usage¶
Rust¶
use oxideshield_guard::{Guard, PatternGuard};
let guard = PatternGuard::new("injection-detector");
// Check input
let result = guard.check("ignore previous instructions");
if !result.passed {
println!("Attack detected: {}", result.reason.unwrap());
println!("Severity: {:?}", result.severity);
}
// Add custom patterns
let guard = PatternGuard::builder("custom")
.add_pattern("secret code", "custom", Severity::High)
.add_regex(r"password\s*[:=]", "credential_leak", Severity::Critical)
.build();
Python¶
from oxideshield import pattern_guard
guard = pattern_guard()
result = guard.check("ignore previous instructions")
if not result.passed:
print(f"Blocked: {result.reason}")
print(f"Severity: {result.severity}")
Built-in Patterns¶
OxideShield ships with 30+ built-in attack patterns covering key OWASP LLM Top 10 categories:
- Instruction Override — detects attempts to override system instructions
- Instruction Injection — catches injected instruction payloads
- Role Manipulation — blocks persona and role-switching attacks
- System Prompt Extraction — prevents system prompt leakage attempts
- Jailbreak Attempts — identifies common jailbreak techniques
Patterns are continuously updated as new attack vectors emerge. Use the built-in set as a starting point and add custom patterns for your domain.
Custom Patterns¶
Rust¶
use oxideshield_guard::{PatternGuard, PatternConfig, Severity};
let guard = PatternGuard::builder("custom")
// Literal string patterns (fastest)
.add_pattern("internal api", "sensitive", Severity::Medium)
.add_pattern("secret key", "credential", Severity::High)
// Regex patterns (more flexible)
.add_regex(r"api[_-]?key\s*[:=]", "api_key", Severity::Critical)
.add_regex(r"(?i)password\s*[:=]\s*\S+", "password", Severity::Critical)
// Load from file
.add_patterns_from_file("custom_patterns.yaml")?
.build();
Pattern File Format¶
# custom_patterns.yaml
patterns:
- pattern: "internal use only"
category: sensitive
severity: medium
- pattern: "api_key"
category: credential
severity: high
regex: true # Treat as regex
- pattern: "(?i)bearer\\s+[a-z0-9-_]+\\.[a-z0-9-_]+\\.[a-z0-9-_]+"
category: jwt_token
severity: critical
regex: true
Configuration¶
YAML¶
guards:
pattern:
enabled: true
severity_threshold: medium # Block medium and above
custom_patterns:
- pattern: "company secret"
category: proprietary
severity: high
Environment Variables¶
Performance¶
PatternGuard uses Aho-Corasick algorithm for O(n) multi-pattern matching:
Benchmark: 100 patterns, 10KB input
──────────────────────────────────
Operation Time
──────────────────────────────────
is_match() 97ns
find_matches() 15μs
──────────────────────────────────
Best Practices¶
First Line of Defense
Use PatternGuard as your first line of defense - it's fast enough to run on every request with negligible latency.
Defense in Depth
Pattern matching alone cannot catch all attacks. Combine with other guards for defense-in-depth.
- Layer with other guards - PatternGuard is fast but not comprehensive on its own; combine with PerplexityGuard for adversarial suffixes
- Set appropriate severity - Use
mediumthreshold for most cases - Update patterns regularly - New attack vectors emerge frequently
- Monitor false positives - Review blocked requests periodically