PatternGuard¶

PatternGuard uses Aho-Corasick multi-pattern matching and regex for fast detection of prompt injection and jailbreak attempts.

Overview¶

Property	Value
Latency	<1ms
Memory	5 KB
Async	No
ML Required	No

Features¶

30+ built-in attack patterns
Custom pattern support
Case-insensitive matching
Multiple severity levels
Zero runtime compilation (patterns compiled at init)

Usage¶

Rust¶

use oxide_guard::{Guard, PatternGuard};

let guard = PatternGuard::new("injection-detector");

// Check input
let result = guard.check("ignore previous instructions");
if !result.passed {
    println!("Attack detected: {}", result.reason.unwrap());
    println!("Severity: {:?}", result.severity);
}

// Add custom patterns
let guard = PatternGuard::builder("custom")
    .add_pattern("secret code", "custom", Severity::High)
    .add_regex(r"password\s*[:=]", "credential_leak", Severity::Critical)
    .build();

Python¶

from oxideshield import pattern_guard

guard = pattern_guard()
result = guard.check("ignore previous instructions")

if not result.passed:
    print(f"Blocked: {result.reason}")
    print(f"Severity: {result.severity}")

Built-in Patterns¶

Instruction Override¶

ignore previous instructions
ignore all previous
disregard previous
forget previous
ignore above
disregard above

Instruction Injection¶

new instructions
your new instructions
updated instructions
real instructions

Role Manipulation¶

you are now
act as
pretend to be
roleplay as
you must obey

System Prompt Extraction¶

show me your prompt
what is your system prompt
reveal your instructions
output your system
print your prompt
display your instructions

Jailbreak Attempts¶

developer mode
dan mode
jailbreak
bypass safety
no restrictions
do anything now

Custom Patterns¶

Rust¶

use oxide_guard::{PatternGuard, PatternConfig, Severity};

let guard = PatternGuard::builder("custom")
    // Literal string patterns (fastest)
    .add_pattern("internal api", "sensitive", Severity::Medium)
    .add_pattern("secret key", "credential", Severity::High)

    // Regex patterns (more flexible)
    .add_regex(r"api[_-]?key\s*[:=]", "api_key", Severity::Critical)
    .add_regex(r"(?i)password\s*[:=]\s*\S+", "password", Severity::Critical)

    // Load from file
    .add_patterns_from_file("custom_patterns.yaml")?

    .build();

Pattern File Format¶

# custom_patterns.yaml
patterns:
  - pattern: "internal use only"
    category: sensitive
    severity: medium

  - pattern: "api_key"
    category: credential
    severity: high
    regex: true  # Treat as regex

  - pattern: "(?i)bearer\\s+[a-z0-9-_]+\\.[a-z0-9-_]+\\.[a-z0-9-_]+"
    category: jwt_token
    severity: critical
    regex: true

Configuration¶

YAML¶

guards:
  pattern:
    enabled: true
    severity_threshold: medium  # Block medium and above
    custom_patterns:
      - pattern: "company secret"
        category: proprietary
        severity: high

Environment Variables¶

OXIDESHIELD_PATTERN_ENABLED=true
OXIDESHIELD_PATTERN_SEVERITY_THRESHOLD=medium

Performance¶

PatternGuard uses Aho-Corasick algorithm for O(n) multi-pattern matching:

Benchmark: 100 patterns, 10KB input
──────────────────────────────────
Operation          Time
──────────────────────────────────
is_match()         97ns
find_matches()     15μs
──────────────────────────────────

Best Practices¶

First Line of Defense

Use PatternGuard as your first line of defense - it's fast enough to run on every request with negligible latency.

Defense in Depth

Pattern matching alone cannot catch all attacks. Combine with other guards for defense-in-depth.

Layer with other guards - PatternGuard catches ~70% of attacks; use with PerplexityGuard for adversarial suffixes
Set appropriate severity - Use medium threshold for most cases
Update patterns regularly - New attack vectors emerge frequently
Monitor false positives - Review blocked requests periodically