Recall & Review
beginner
What is prompt injection in AI language models?
Prompt injection is when someone adds unexpected or harmful instructions into the input prompt to trick the AI into doing something unintended.
beginner
Why is prompt injection a problem for AI systems?
Because it can make the AI give wrong, harmful, or unsafe answers by tricking it with hidden commands inside the prompt.
intermediate
Name one simple way to defend against prompt injection.
One way is to carefully filter or clean the input prompt to remove suspicious or harmful instructions before sending it to the AI.
intermediate
What does 'context isolation' mean in prompt injection defense?
It means keeping the user input separate from the AI's instructions so the user cannot change or add commands that affect the AI's behavior.
intermediate
How can monitoring AI outputs help defend against prompt injection?
By checking if the AI's answers contain unexpected or harmful content, so suspicious outputs can be caught and handled safely.
What is the main goal of prompt injection defense?
A. Prevent AI from being tricked by harmful instructions
B. Make AI respond faster
C. Improve AI’s creativity
D. Reduce AI’s training time
Prompt injection defense aims to stop harmful or unexpected instructions from tricking the AI.
Which method helps keep user input from changing AI instructions?
A. Batch normalization
B. Data augmentation
C. Model pruning
D. Context isolation
Context isolation separates user input from AI instructions to prevent prompt injection.
What should you do with suspicious user input before sending it to the AI?
A. Filter or clean it
B. Ignore it
C. Add more instructions
D. Send it as is
Filtering or cleaning suspicious input helps prevent harmful instructions from reaching the AI.
Why monitor AI outputs in prompt injection defense?
A. To reduce server load
B. To speed up responses
C. To catch unexpected or harmful responses
D. To increase word count
Monitoring outputs helps detect if the AI was tricked into giving bad answers.
Prompt injection attacks mainly target which part of AI systems?
A. Model weights
B. Input prompts
C. Training data
D. Hardware
Prompt injection attacks add harmful instructions into the input prompts.
Explain what prompt injection is and why it is important to defend against it.
Think about how someone might trick an AI with hidden commands.
Describe at least two ways to defend AI systems from prompt injection attacks.
Consider what you can do before and after the AI processes input.
Practice
1. What is the main purpose of prompt injection defense in AI systems?
easy
A. To protect AI from harmful or tricky user inputs
B. To improve AI's speed in processing data
C. To increase the size of the AI model
D. To reduce the cost of running AI models
Solution
Step 1: Understand the role of prompt injection defense
Prompt injection defense is designed to stop harmful or tricky inputs from confusing or misguiding the AI.
Step 2: Compare options with this purpose
Only option A, "To protect AI from harmful or tricky user inputs", matches this goal; the others relate to speed, size, or cost, which are unrelated.
Final Answer:
To protect AI from harmful or tricky user inputs -> Option A
Quick Check:
Purpose of prompt injection defense = Protect AI inputs [OK]
Hint: Focus on defense meaning protection from bad inputs [OK]
Common Mistakes:
Confusing defense with performance improvement
Thinking it changes AI model size
Assuming it reduces costs
2. Which of the following is a correct way to implement a simple prompt injection defense filter in Python?
easy
A. if user_input = 'DROP TABLE': block_request()
B. if 'DROP TABLE' in user_input.upper(): block_request()
C. if user_input.contains('DROP TABLE'): block_request()
D. if user_input == 'drop table': block_request()
Solution
Step 1: Check syntax for string containment in Python
Python uses the in operator to check whether a substring exists in a string, and upper() normalizes case so that mixed-case variants are caught.
Step 2: Evaluate each option's correctness
Option B, if 'DROP TABLE' in user_input.upper(): block_request(), uses correct syntax and case normalization.
Option A, if user_input = 'DROP TABLE': block_request(), uses assignment instead of comparison.
Option C, if user_input.contains('DROP TABLE'): block_request(), uses a non-existent method, contains.
Option D, if user_input == 'drop table': block_request(), checks for an exact lowercase match, missing case variations.
Final Answer:
if 'DROP TABLE' in user_input.upper(): block_request() -> Option B
Quick Check:
Use 'in' and upper() for case-insensitive check [OK]
Hint: Remember Python uses 'in' for substring checks [OK]
Common Mistakes:
Using '=' instead of '==' for comparison
Using non-existent string methods
Ignoring case sensitivity in checks
3. Given the code below, what will be the output if user_input = "Please DROP TABLE users"?
def block_request():
    return "Blocked"

def process_input(user_input):
    if 'DROP TABLE' in user_input.upper():
        return block_request()
    return "Allowed"

user_input = "Please DROP TABLE users"  # value given in the question
print(process_input(user_input))
medium
A. SyntaxError
B. Allowed
C. Blocked
D. None
Solution
Step 1: Analyze the condition in process_input
The input string uppercased is "PLEASE DROP TABLE USERS" which contains "DROP TABLE".
Step 2: Determine which branch runs
Since the condition is true, block_request() is called, returning "Blocked".
Final Answer:
Blocked -> Option C
Quick Check:
Input contains 'DROP TABLE' -> Blocked [OK]
Hint: Check if uppercase input contains 'DROP TABLE' [OK]
Common Mistakes:
Ignoring case and expecting 'Allowed'
Thinking code has syntax errors
Assuming function returns None by default
4. Identify the error in this prompt injection defense code snippet:
def check_input(text):
    if text.lower().find('delete'):
        return 'Blocked'
    return 'Allowed'
medium
A. The find method returns -1 if not found, so condition is wrong
B. Using lower() is incorrect for filtering
C. The function should return a boolean, not strings
D. The function is missing a parameter
Solution
Step 1: Understand find method behavior
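find returns the index of the substring, or -1 if it is not found. In Python, -1 is truthy, so the condition is true even when 'delete' is absent.
Step 2: Explain why this causes wrong logic
If 'delete' is not found, the condition is true (wrong). Conversely, if the text starts with 'delete', find returns 0, which is falsy, so that input is allowed. The code should check explicitly that the result is not -1.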
Final Answer:
The find method returns -1 if not found, so condition is wrong -> Option A
Quick Check:
Check find() != -1 for correct condition [OK]
Hint: Remember find() returns -1 if substring missing [OK]
Common Mistakes:
Assuming find() returns False when not found
Ignoring that -1 is truthy in Python
Thinking lower() is the error
5. You want to defend an AI prompt from injection attacks by blocking inputs containing any of these words: ['DROP', 'DELETE', 'SHUTDOWN']. Which code snippet correctly implements this defense?
hard
A. if user_input.upper() == 'DROP' or 'DELETE' or 'SHUTDOWN': block_request()
B. if all(word in user_input.upper() for word in ['DROP', 'DELETE', 'SHUTDOWN']): block_request()
C. if 'DROP' or 'DELETE' or 'SHUTDOWN' in user_input.upper(): block_request()
D. if any(word in user_input.upper() for word in ['DROP', 'DELETE', 'SHUTDOWN']): block_request()
Solution
Step 1: Understand the goal to block if any word is present
We want to block if at least one of the words appears in the input.
Step 2: Evaluate each option's logic
Option D, if any(word in user_input.upper() for word in ['DROP', 'DELETE', 'SHUTDOWN']): block_request(), uses any() correctly to check for the presence of any word.
Option B, if all(word in user_input.upper() for word in ['DROP', 'DELETE', 'SHUTDOWN']): block_request(), requires all words to be present, which is too strict.
Option C, if 'DROP' or 'DELETE' or 'SHUTDOWN' in user_input.upper(): block_request(), is valid syntax but wrong logic: the non-empty string 'DROP' is truthy, so the or chain always evaluates to true.
Option A, if user_input.upper() == 'DROP' or 'DELETE' or 'SHUTDOWN': block_request(), compares the whole input only to 'DROP'; the bare strings 'DELETE' and 'SHUTDOWN' are truthy, so this condition is also always true.
Final Answer:
if any(word in user_input.upper() for word in ['DROP', 'DELETE', 'SHUTDOWN']): block_request() -> Option D
Quick Check:
Use any() to check multiple keywords [OK]
Hint: Use any() to check if any keyword is in input [OK]