DEV Community: Aaradhanah Appalo Eleven

LLM Prompt Injection & Guardrail Security

Aaradhanah Appalo Eleven — Thu, 18 Jun 2026 03:37:19 +0000

A recall reference built from working through a 7-layer prompt-injection challenge. Focus: how each defense layer works, where it breaks, and most importantly how to defend.

The one idea underneath everything

LLMs have no hard boundary between instructions and data. Everything in the context window — system prompt, user message, retrieved documents — is one stream of tokens the model interprets. Prompt injection exploits exactly this: attacker-controlled data gets read as instructions. You cannot fully filter your way out of it; you manage it with defense-in-depth, knowing each individual layer is bypassable.

The defense layers (and where each cracks)

A progression of controls from weakest to strongest, each with the lesson it teaches.

1–2. No / weak guardrails

Baseline: the model just answers. Lesson: an LLM holding secrets in its context with no controls will leak them on request.

3. Input filtering — block words in the user's message

Defense: scan the incoming prompt for banned terms ("code", "secret", "reveal") and block.
Weakness: keyword blocklists are trivially evaded — synonyms, misspellings, split words, leetspeak, another language, oblique references. Filtering strings doesn't filter intent.
What actually helps: prefer allowlists to blocklists; classify intent semantically rather than matching keywords; treat all input as untrusted; rate-limit and log probing.

4. Output filtering — catch the secret in the response

Defense: string-match the known secret in the model's output and redact.
Weakness: substring matching only catches the contiguous secret. Fragmenting or transforming it (separators, per-character, encodings) means the literal string never appears, so there is nothing to match.
What actually helps: don't put secrets where the model can emit them in the first place; minimize sensitive data in context; treat output filtering as a brittle last line, never a primary control.

5. Input + output filtering combined

Defense: both of the above, stacked.
Weakness: the weaknesses stack too — slip past the input filter with obfuscation, then past the output filter with fragmentation. Layering raises the bar but each layer is still individually defeatable.
Lesson: layering is good, but "more filters" is not the same as "secure."

6. Second LLM as a guardrail — semantic check

Defense: a separate model reads the output and censors it if it recognizes the secret. It understands meaning, not just strings, so it catches fragmentation and reversal.
Weakness: a reasoning judge can be socially engineered — reframe the secret so the judge believes it is harmless (e.g., "this code is expired / has changed"), or present it in a form the judge does not recognize. LLM-judging-LLM inherits all the same manipulability.
What actually helps: pair the LLM judge with deterministic checks; don't treat model-on-model moderation as airtight; constrain what the protected model can even access.

7. Human-in-the-loop review

Defense: a person reviews outgoing messages and redacts anything that reveals the secret.
Weakness: humans see rendered text, not raw bytes. Content can be hidden from human eyes while still being read by the model — this is ASCII smuggling (next section). The control fails by construction.
What actually helps: never rely on human review of rendered text alone; sanitize and normalize the raw input stream before it reaches the model or the human.

Deep dive: ASCII Smuggling (the interesting one)

What it is. An application-logic flaw that abuses the gap between the display layer (the UI renders certain characters as nothing) and the raw data stream (the model tokenizes everything, invisible characters included). Hidden text is embedded using characters invisible to humans but live to the LLM.

The invisible vehicles:

Unicode Tags block (U+E0000–U+E007F) — deprecated tag characters mirroring ASCII; invisible in essentially every renderer. The primary smuggling channel.
Zero-width characters — ZWSP (U+200B), ZWNJ (U+200C), ZWJ (U+200D), BOM / ZWNBSP (U+FEFF).
Bidirectional controls (U+202A–U+202E, U+2066–U+2069) — the "Trojan Source" family; reorder displayed text vs. logical order.

Why it matters now. LLMs are wired into email, calendars, documents, and RAG pipelines. Documented real-world impact (FireTail, Sept 2025) includes:

Identity spoofing — a tampered calendar invite whose hidden text rewrites the organizer; the assistant reads the spoofed identity and the victim never accepted the invite.
Autonomous data exfiltration — a hidden email instruction telling an inbox-connected assistant to search for and leak sensitive items.
Content poisoning — a product review with a hidden "visit scam-store…" that the summarizer surfaces as if it were customer consensus.

It bypasses the "Accept/Decline" gate and human review entirely. Their tests found Gemini, Grok, DeepSeek vulnerable, while ChatGPT, Copilot, Claude scrubbed the input.

The key mental model: this is not a model jailbreak — it is a pipeline / UI flaw. The fix lives in the application, not the model.

Defenses:

Inspect and sanitize the raw payload the tokenizer receives, not the rendered text.
Strip Tags-block, zero-width, and control / format characters; NFKC-normalize.
Prefer an allowlist of the Unicode categories you actually need over chasing bad ranges.
Flag inputs where visible / printable length diverges sharply from the raw code-point count — a strong "someone is probing me" signal.
Apply all of this to retrieved / ingested content (RAG), not just user prompts — a poisoned document is the same threat as a malicious message.
Log the anomalies and treat them as attack telemetry. (AWS has published guidance on Unicode-smuggling defenses; Google declined to act on the disclosure — so responsibility sits with the application owner.)

Cross-cutting principles to remember

All input is untrusted — including documents you retrieve and feed the model. RAG is a top injection vector.
No instruction / data boundary → you can't filter your way to safety; design assuming injection is possible.
Defense-in-depth, with humility — layer controls, but assume each is individually bypassable.
Deterministic beats probabilistic for security-critical checks where you can manage it; don't rely solely on an LLM or a human to "notice."
Normalize bytes at the boundary — before the model and before the human.
Minimize secrets in context — assume anything the model can see can eventually leak.

Staying current on this topic

Frameworks & standards

OWASP Top 10 for LLM Applications / OWASP GenAI Security Project — the canonical threat list; follow the latest revision.
MITRE ATLAS — adversarial threat landscape for AI systems (a catalog of attack techniques).
NIST AI Risk Management Framework — the governance / risk side.

People & blogs worth following

Simon Willison (simonwillison.net) — popularized the term "prompt injection"; ongoing, sharp coverage.
Johann Rehberger / Embrace The Red (embracethered.com) — deep on ASCII smuggling, data exfiltration, and AI-agent attacks.
Lakera (blog + the Gandalf game) — prompt-injection research and a great hands-on trainer.
FireTail blog — the ASCII-smuggling disclosure referenced above.
Vendor security write-ups: Anthropic, OpenAI, Google, Microsoft.

Papers & alerts

arXiv cs.CR for new research.
Set Google Scholar / news alerts for "prompt injection", "indirect prompt injection", "LLM security".

Community & events

DEF CON AI Village; security newsletters such as tl;dr sec; relevant Discords and subreddits.

Hands-on practice (the best way to retain it)

Lakera Gandalf, Prompt Airlines, Secure Code Warrior (what you just did), and AI-security labs as HackTheBox / PortSwigger roll them out; CTFs with AI categories.

A sustainable habit: follow ~3 of the people above, set one Scholar/news alert, and do one hands-on lab a month. That keeps the muscle memory fresh without drinking from the firehose.

Reminder: these notes describe attack **classes* so you can defend against them. The real value is the defensive half — sanitize at the boundary, treat all input (including retrieved content) as untrusted, and never rely on a model or a human to simply "notice."*

How to Create a File Upload Page in React to Display Excel Data as a Table and Send it as an Array of Objects

Aaradhanah Appalo Eleven — Tue, 18 Jul 2023 03:35:05 +0000

In today's digital world, efficient data management plays a crucial role in various applications across diverse domains. One powerful feature that simplifies data import and manipulation is the ability to upload Excel files (XLSX) directly into web applications. In this tutorial, we'll explore how to build a React application that allows users to upload an XLSX file, display its data as a table, and seamlessly send the data to a backend as an array of objects. This functionality finds valuable applications in real-world scenarios, such as data import and management, inventory control, HR operations, and more.

Step 1: Set Up the React Project

Create a new React project using create-react-app. Open your terminal and run the following command:

npx create-react-app excel-file-upload
cd excel-file-upload

Step 2: Install Dependencies

We'll use xlsx for Excel file parsing, react-dropzone for file drop functionality, and react-bootstrap for styling. Install these dependencies by running:

npm install xlsx react-dropzone react-bootstrap @mui/material @mui/icons-material

Step 3: Create the Excel File Uploader Component

Now, let's create the ExcelFileUploader component. Replace the content of src/App.js with the following:

// src/ExcelFileUploader.js
import React, { useState } from "react";
import * as XLSX from "xlsx";
import Dropzone from "react-dropzone";
import { Button } from "react-bootstrap";
import Row from "react-bootstrap/Row";
import Col from "react-bootstrap/Col";
import { Box, Modal } from "@mui/material";
import CloseIcon from "@mui/icons-material/Close";

const ExcelFileUploader = () => {
  // State variables
  const [data, setData] = useState([]);
  const [showForm, setShowForm] = useState(false);
  const [deletePrevious, setDeletePrevious] = useState(false);

  // Handle form close
  const handleFormClose = () => {
    setShowForm(false);
  };

  // Handle file drop
  const handleFileDrop = async (acceptedFiles) => {
    const file = acceptedFiles[0];
    if (file.type !== "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet") {
      alert("We support only xlsx format. Please upload an Excel file.");
      return;
    }
    const reader = new FileReader();

    reader.onload = function (e) {
      const data = e.target.result;
      const workbook = XLSX.read(data, { type: "binary" });
      const sheetName = workbook.SheetNames[0];
      const worksheet = workbook.Sheets[sheetName];
      const parsedData = XLSX.utils.sheet_to_json(worksheet, { header: 1 });

      // Assuming the first row contains the column headers
      const headers = parsedData[0];
      const rows = parsedData.slice(1);

      const result = rows.map((row) => {
        const obj = {};
        headers.forEach((header, index) => {
          obj[header] = row[index];
        });
        return obj;
      });

      setData(result);
    };

    reader.readAsBinaryString(file);
  };

  // Handle form submission
  const handleSubmit = (e) => {
    e.preventDefault();
    if (data.length > 0) {
      // Convert data to the required format for backend
      const stockArray = data.map((item) => ({
        Name: item.Name,
        Description: item.Description,
        SKUCode: item["SKU Code"],
        StockCategory: item["Stock Category"],
        Price: item.Price,
        BrandName: item["Brand Name"],
        ProductName: item["Product Name"],
      }));

      // Send data to backend
      postAddCatering(stockArray);
    } else {
      alert("Please upload an Excel file before submitting.");
    }
  };

  // Send data to backend API
  const postAddCatering = async (stockArray) => {
    // Replace "https://example.com/" with your actual backend API URL
    const url = "https://example.com/";
    const myHeaders = new Headers();
    myHeaders.append("Content-Type", "application/json");

    const raw = JSON.stringify({
      payload: {
        body: {
          query_type: "upload_stocks",
          stock_array: stockArray,
          supplier_id: 1,
          deletePrevious: deletePrevious,
        },
      },
    });

    const requestOptions = {
      method: "POST",
      headers: myHeaders,
      body: raw,
      redirect: "follow",
    };

    try {
      const response = await fetch(url, requestOptions);
      const dataResponse = await response.json();
      if (dataResponse.success === true) {
        alert("Stock List Uploaded Successfully");
        window.location.reload();
      } else {
        alert("Please try again");
        window.location.reload();
      }
    } catch (error) {
      alert("Please try again");
      window.location.reload();
    }
  };

  // Render the component
  return (
    <div>
      <Dropzone onDrop={handleFileDrop}>
        {({ getRootProps, getInputProps }) => (
          <div {...getRootProps()}>
            <input {...getInputProps()} />
            <p>
              Drag and drop an Excel file here, or <strong>click to select one</strong>
            </p>
            <Button>Select</Button>
          </div>
        )}
      </Dropzone>
      <div style={{ paddingBottom: "20px", paddingTop: "20px", paddingLeft: "40%" }}>
        <Button onClick={() => setShowForm(true)}>Submit</Button>
      </div>
      {/* Display the table with data */}
      {/* ... (table code as in the original component) */}
      <Modal
        aria-labelledby="transition-modal-title"
        aria-describedby="transition-modal-description"
        open={showForm}
        onClose={handleFormClose}
        className="modalnvm"
      >
        <Box className="modalnvm-content">
          <CloseIcon
            className="plzHover"
            fontSize="large"
            style={{ margin: 10, float: "right" }}
            onClick={handleFormClose}
          />
          <label>
            <input
              className="paddingPlease"
              type="checkbox"
              checked={deletePrevious}
              onChange={(e) => setDeletePrevious(e.target.checked)}
            />
            <span className="paddingPlease">
              Would you like to delete the previous stock catalog?
            </span>
          </label>
          <span style={{ paddingRight: "40%" }}>
            <Button onClick={handleSubmit}>Confirm</Button>
          </span>
        </Box>
      </Modal>
    </div>
  );
};

export default ExcelFileUploader;

In this article, we have built a React application that allows users to upload an Excel file, view its content as a table, and send the data as an array of objects to a backend API. We used the xlsx library to parse the Excel file, react-dropzone for file drop functionality, and react-bootstrap for styling.

Study in Australia 101: Entrance tests to Landing

Aaradhanah Appalo Eleven — Thu, 01 Sep 2022 03:38:07 +0000

Australia is one of the best higher education hubs in the world. Due to its relaxed entry requirements, attractive scholarships, and stay back for a few years, it helps students gain experience and repay student loans.

Step 1: Entrance Tests

The students from non-English speaking countries must take English language tests to get admission. Most universities prefer IELTS. The minimum overall score should be 6.5 with no bands less than 6.00. There are a plethora of free resources to prepare for the same. The one I used was edX's free course for my preparation is https://www.edx.org/course/ielts-academic-test-preparation.

Step 2: Shortlisting Universities and Programs

Shortlist universities and programs according to your preference. Some of the criteria to consider are the course structure, graduate employment, research, student support, alumni network, your budget, the scope of your course back home, etc. The entry for the programs is flexible so that you can change your domain.

Step 3: Applying to the Universities

The application process is pretty straightforward. Firstly, create an account, fill in the details, and submit the required documents. Most universities have a support system to help with the application make use of it.
Step 4: Receiving the offer and paying the deposit
You'll receive mail about your application status. The acceptance rate for Aussie universities is pretty high compared to the US. If you get accepted, you might receive scholarships from the universities. Don't panic! There are scholarships for your previous academic credentials and your place of origin. It entirely depends on the universities and programs you apply to. Then you need to accept the offer and pay the deposit, which is a part of your first-semester fee and accept the offer.

Step 5: Receiving COE and taking OSHC

After accepting the offer, you'll receive your Confirmation of Enrollment(COE) from the university. Then you need to arrange for Overseas Student Health Insurance(OSHC). You can refer to the website to compare the different insurance providers to choose the best fit for your needs https://oshcaustralia.com.au/en.

Step 6: Applying for the visa

The Australian embassy needs to know whether you can support your education fee and living expenses for the entire course of your study. The application process is entirely online. You need to submit proof of income, Charted accountant statement of your family's net worth, a notarized affidavit of the sponsorship statement, and other documents.
The visa processing time may vary. Don't be tempted; meanwhile, you can access the student email provided by the university. Talk with the seniors, professors, and your classmates. Join the university discord groups to make friends, join the clubs, and have an idea about your study and culture of Australia.

Step 7: Booking flight and Arranging Accommodation

After receiving the visa, you can book your flights to Australia. It is recommended to arrive two weeks before the program commences. You can enter Australia even three months before. Use student privilege in airlines to get extra baggage allowance and ticket discounts. The next thing is to look for accommodation, check out the recommendations by your university, and make a lease. Make sure the place falls into your budget and is nearer to your university.

Happy Journey to Australia!

Stack Data Structure

Aaradhanah Appalo Eleven — Sat, 20 Feb 2021 09:19:43 +0000

Stack data structure resembles the real world stacking of things like papers. The item which is last inserted into the stack will come out first, the principle is called Last In First Out(LIFO).

Implementation

Firstly we create a class for implementation in javascript and then creating three data members top, capacity and an empty array of five undefined items.

class Stack{
      constructor(){
          this.top = 0;
          this.items = new Array(5);
          this.capacity = 5;
      }
}

Functions

The Stack should contain functions for adding an item at the top(push), removing an element from top(pop), check if the stack is empty, check if the stack is full and get the top element of the stack(peek)

  isEmpty() {
    if (this.top === 0) return true;
    else return false;
  }
  isFull() {
    if (this.top === this.capacity) return true;
    else return false;
  }
  push(item) {
    if (this.isFull() === true) {
      console.log("Stack Overflow");
    } else {
      this.items[this.top] = item;
      this.top += 1;
    }
  }
  pop() {
    if (this.isEmpty() === true) {
      return "Stack Underflow";
    } else {
      let item = this.items[this.top - 1];
      delete this.items[this.top - 1];
      this.top -= 1;
      return item;
    }
  }
  peek() {
    return this.items[this.top - 1];
  }

Why we need Stack?

Pushing the element and popping out the element in the stack takes place in a constant time O(1). One of the real time example of stack is browser history, when you click back the site you visited last appears.

Follow me for awesome content on coding.