Overview
This document provides a comprehensive overview of the API endpoints available in the project, highlighting their functionalities, input parameters, and expected responses. Special emphasis is placed on the attack detection mechanisms, advanced caching, zero latency mode, and retrieval of attack data.
Table of Contents
Authentication
Most endpoints require authentication using an API key. The API key should be included in the request headers:
Replace <your_api_key>
with your actual API key.
Attack Detection Mechanism
Strictness Levels
The strictness
parameter controls when advanced detection is performed:
- Level 1 (
strictness = 1
): Advanced detection is performed only if the initial detection indicates a potential prompt injection. - Level 2 (
strictness = 2
): Advanced detection is always performed, regardless of the initial detection result. - Level 3 (
strictness = 3
): Advanced detection is performed only if the initial detection does not indicate a prompt injection.
Using higher strictness levels may result in longer processing times due to additional computation required for advanced detection.
Caching Strategy
To optimize performance and reduce redundant computations, the system implements a caching mechanism:
- Prompt Cache:
- Each analysis result is cached using a hash of the prompt and strictness level as the key.
- Subsequent requests with the same prompt and strictness level retrieve the result from the cache, reducing processing time.
Zero Latency Mode
Zero latency mode allows for immediate responses to the user without waiting for the analysis to complete:
-
When Enabled (
zero_latency = true
):- The system returns a response with
status
set to"success"
and amessage
indicating that processing is occurring in the background. - An
analysis_id
is provided to retrieve the result later using the Get Analysis Result endpoint. - Analysis is performed asynchronously in a background thread, ensuring the main thread remains responsive.
- The system returns a response with
-
When Disabled (
zero_latency = false
):- The system performs analysis synchronously.
- The response includes the analysis result, and the user waits for the operation to complete.
- Suitable for applications where immediate result availability is critical.
Request Example
Responses
Success Response (Synchronous)
- Status Code:
200 OK
- Content-Type:
application/json
- Body:
Accepted Response (Asynchronous)
- Status Code:
202 Accepted
- Content-Type:
application/json
- Body:
Error Responses
400 Bad Request
403 Forbidden
429 Too Many Requests
500 Internal Server Error
Response Fields Description
status
(string
): Indicates the status of the request ("success"
or"error"
).result
(object
): Contains the detection result (present in synchronous responses).is_prompt_injection
(boolean
):true
if prompt injection was detected,false
otherwise.prompt
(string
ornull
): The analyzed prompt, included ifsave_message
istrue
.timestamp
(string
): The timestamp when the analysis was performed, in ISO 8601 format.tag
(string
): The tag associated with the request.analysis_id
(string
): Unique identifier for the analysis; can be used to retrieve results later.chat_id
(string
ornull
): The chat session identifier, if provided.metadata
(object
ornull
): The metadata provided in the request, if any.notifications
(boolean
): Indicates whether notifications were enabled.strictness
(integer
ornull
): The strictness level used in the analysis.initial_detection_label
(string
): Classification label of the initial detection ("INJECTION"
or"SAFE"
).initial_detection_score
(number
ornull
): Confidence score of the initial classification (between0
and1
).advanced_detection_result
(boolean
ornull
): Result of the advanced detection (true
if injection detected,false
if not,null
if advanced detection not performed).checks_count
(integer
): Number of detection checks performed.
Get Analysis Result
-
URL:
https://api.glaider.it/v1/analysis-result
-
Method:
POST
-
Description: Retrieves the result of a previously requested prompt injection analysis using the provided
analysis_id
. -
Headers:
Header Value Authorization Bearer YOUR_API_KEY
Content-Type application/json
Request Body Parameters
Parameter | Type | Required | Description |
---|---|---|---|
analysis_id | string | Yes | The unique identifier of the analysis to fetch. |
Request Example
Response
- Status Code:
200 OK
- Content-Type:
application/json
- Body:
Possible Errors
-
Analysis Not Found:
-
Missing or Invalid Parameters:
Anonymize PII
-
URL:
https://api.glaider.it/v1/anonymize-pii
-
Method:
POST
-
Description: Detects and anonymizes Personally Identifiable Information (PII) within the provided text.
-
Headers:
Header Value Authorization Bearer YOUR_API_KEY
Content-Type application/json
Request Body Parameters
Parameter | Type | Required | Description |
---|---|---|---|
prompt | string | Yes | The text containing potential PII to be anonymized. |
cid | string | No | Client identifier for tracking purposes. |
Request Example
Response
- Status Code:
200 OK
- Content-Type:
application/json
- Body:
Response Fields Description
anonymized_text
(string
): The input text with detected PII replaced by placeholders.entities
(object
): A mapping of placeholders to the original PII detected.
Attack Detection Mechanism
This section provides an in-depth explanation of how the attack detection mechanism works, including strictness levels, caching strategies, zero latency mode, background processing, and advanced attack detection.
Strictness Levels
Strictness levels control the sensitivity and thoroughness of the attack detection process:
-
Strictness Level 1 (
strictness = 1
):- Process: Perform initial detection using a primary lightweight model.
- Advanced Detection: Triggered only if the initial detection indicates a potential prompt injection.
- Use Case: Suitable for environments where performance is critical, and false positives need to be minimized.
-
Strictness Level 2 (
strictness = 2
):- Process: Always perform both initial and advanced detection.
- Advanced Detection: Ensures thorough analysis by leveraging multiple detection mechanisms.
- Use Case: Balances between detection accuracy and performance.
-
Strictness Level 3 (
strictness = 3
):- Process: Perform initial detection; if no prompt injection is detected, proceed with advanced detection.
- Advanced Detection: Aims to catch subtle attacks that might bypass the initial detection.
- Use Case: Ideal for high-security environments where maximum detection is required.
Caching Strategy
Caching is implemented to improve performance and reduce redundant computations:
-
Prompt Cache:
- Key: Hash of the prompt and strictness level.
- Behavior: If a prompt with the same hash is received within the TTL, the cached result is returned immediately.
- Benefits:
- Reduces processing time for repeated prompts.
- Optimizes resource utilization.
-
Attack Result Cache:
- Key:
analysis_id
- Storage: Stores detailed analysis results for retrieval via the
get-analysis-result
endpoint. - Behavior: Ensures that results are accessible even if processing is done asynchronously.
- Key:
Zero Latency Mode
Zero latency mode (zero_latency = true
) allows the system to return a response immediately without waiting for the analysis to complete:
-
Asynchronous Processing:
- The analysis request is placed in a queue.
- Background threads process the queue without blocking the main thread.
- Suitable for applications where immediate user interaction is desired.
-
Retrieving Results:
- Use the provided
analysis_id
to fetch the analysis result via the Get Analysis Result endpoint. - The result becomes available once processing is complete.
- Use the provided
-
Considerations:
- Potential delay in obtaining the final result.
- Requires handling of pending status in client applications.
Background Processing
The system utilizes background threads to handle asynchronous analysis tasks:
-
Thread Management:
- A thread pool manages concurrent processing of analysis requests.
- The number of active threads is controlled to optimize resource utilization.
-
Queue Mechanism:
- Analysis requests are placed in a thread-safe queue.
- Background threads dequeue requests and perform analysis.
-
Error Handling:
- Exceptions during background processing are logged.
- The system ensures that even in case of errors, an appropriate result is stored and can be retrieved.
Advanced Attack Detection
Advanced detection employs sophisticated models and techniques to enhance security:
-
Initial Detection:
- Utilizes a primary model for quick classification.
- Provides labels such as
"SAFE"
or"INJECTION"
with associated confidence scores.
-
Advanced Detection:
- Activated based on the
strictness
level. - Involves deeper analysis using more complex models.
- Aims to reduce false negatives by detecting subtle or sophisticated attacks.
- Activated based on the
-
Model Variations:
- The system uses different models for initial and advanced detection.
- Models are optimized for their respective roles in the detection pipeline.
Notification System
To alert administrators or stakeholders about detected attacks, the system includes a flexible notification mechanism:
-
Email Notifications:
- Automated emails are sent to predefined addresses when an attack is detected.
- Email content includes details such as chatbot source, attack type, timestamp, and attack ID.
- Utilizes HTML templates for structured and professional presentation.
-
Configuration:
- Notification settings can be configured via environment variables or configuration files.
- Recipients, email server settings, and templates are customizable.
- The
notifications
parameter in the request controls whether notifications are sent for a particular analysis.
-
Extensibility:
- The system can be extended to support additional notification channels (e.g., webhooks, SMS) as required.
Example Usage
Detecting a Prompt Injection with Strictness Level 2 and Zero Latency
Request
Initial Response
Retrieving the Analysis Result
After allowing some time for processing, you can retrieve the result:
Analysis Result
Detecting a Safe Prompt
Request
Response
Notes
-
Environment Variables: Configuration parameters like model names, ports, and notification settings are set via environment variables or configuration files. Refer to the
docker-compose.yml
and application settings for details. -
Security:
- API Key Protection: Keep your API key secure. Do not expose it in client-side code, public repositories, or logs.
- Data Privacy: If you enable
save_message
, ensure compliance with data protection regulations (e.g., GDPR, HIPAA) relevant to your organization.
-
Error Handling: Always check the
status
field in responses. In case of an error, themessage
field provides details. -
Rate Limiting: The API enforces rate limits to ensure fair usage. If you exceed the rate limit, you will receive a
429 Too Many Requests
response. Implement appropriate retry logic with exponential backoff. -
Support: For assistance or inquiries, contact the support team at info@glaider.it.
Conclusion
This API provides robust mechanisms for detecting and handling prompt injection attacks, with customizable strictness levels and efficient caching strategies. By leveraging features such as zero latency mode, background processing, and detailed analytics, you can enhance the security and reliability of your applications. The analytics endpoints offer valuable insights into usage patterns and security posture, aiding administrators in monitoring and decision-making.
For any questions or support, please contact info@glaider.it