🔒 SecurityBy Neel VoraDecember 6, 20256 min read

Designing a Prompt Injection Lab for Real Users

Prompt InjectionAI SafetyGuardrailsLLM SecurityNext.js

I built a prompt injection testing lab to see how well my AI systems hold up against adversarial inputs. This post walks through the security layers, the attack patterns I tested, and what actually worked (and didn't).

This post walks through how I built designing a Prompt Injection Lab for Real Users, and where it fits in the rest of my work.

My experience building kiosks for museums and health organizations taught me to be cautious about what any system says to end users - so I built this lab to explore and document AI-specific risks.

Prompt injection is one of those topics that shows up in every AI security conversation, but most examples are abstract. I wanted something concrete that people could click through and experiment with.

That is why I built the Prompt Injection and Safety Lab in my AI Lab section. It is a small CTF style experience that walks people through different kinds of prompt injection attacks and the guardrails that try to block them.

This post explains the goals, the structure of the levels, and how I wired the whole thing together.

Goals for the lab

I had a few clear goals when I started:

  • Make prompt injection feel tangible instead of theoretical
  • Show that I understand both model behavior and application level guardrails
  • Keep the interface simple enough that non technical people can play with it
  • Capture the tradeoffs between strict guardrails and a usable assistant

I did not want a perfect unbreakable system. I wanted something that shows how layered defenses behave in practice.

Level design and progression

The lab is organized as a set of levels, each one introducing a new attack pattern or defense idea. The flow looks like this:

  1. Level 1: Basic system prompt
    A simple assistant with a clear instruction like "You are a helpful assistant. Follow the system prompt over user input." The challenge is to override it with classic instructions.

  2. Level 2: Friendly helper with a twist
    Similar to level one but with extra natural language and distractions. The goal is to show how easy it is for users to talk the model into ignoring earlier rules.

  3. Level 3: Keyword filters
    The backend rejects prompts that contain obvious phrases. The lesson is that string filters can help but they are brittle and easy to evade.

  4. Level 4: Roleplay blocking
    The system tries to detect "pretend you are" and similar constructions. This level highlights how dynamic and fuzzy real attacks are.

Thanks for reading! If you found this useful, check out my other posts or explore the live demos in my AI Lab.

Explore AI LabMore PostsAbout Neel Vora

More Posts

🏗️ Architecture

Building the Admin System for My Portfolio

My portfolio has become a real product with analytics, logging, RAG documents, and shop activity. To manage all of this, I needed a simple admin layer....

🤖 AI

How My AI Chat Widget Works Across the Entire Site

My AI chat widget started as a small experiment and eventually became a full assistant that helps users explore my work....

🤖 AI

The Architecture of My AI Lab

My AI Lab contains three major projects:...