GitHub repository documents 16 prompt injection techniques and defense strategies for public AI chats

A developer built a custom AI chat on their website as an experiment and encountered multiple security challenges when real users attempted to break it. The experience prompted the creation of a comprehensive security guide available on GitHub.
Security challenges encountered
Users attempted various attacks including:
- Prompt injection
- Roleplay attacks
- Multilingual tricks
- Base64 encoded payloads
Defense strategies implemented
The developer documented a defense-in-depth approach covering:
- Input sanitization
- Rate limiting
- Zero-trust system prompt design
- Output controls
- Cost caps
GitHub repository contents
The repository includes:
- A breakdown of 16 prompt injection techniques
- A Claude code skill that automatically tests all 16 techniques against your chatbot
- Full defense implementation details
The developer notes that users tried things they "never would have thought to test" and that the guide is intended to be useful for anyone implementing similar public AI chat systems.
📖 Read the full source: r/ClaudeAI
👀 See Also

Cybercriminals Are Pushing Back Against AI-Generated Slop on Underground Forums
New research shows low-level hackers and scammers are complaining about AI-generated posts on cybercrime forums, viewing them as low-quality noise that undermines community trust and social interaction.

Exploring Risks of Google Account Usage with Gemini-Cli and Gemini Pro Subscription
Gemini-Cli and your Gemini Pro subscription might pose some risks to your Google account. Here's what you need to know about potential vulnerabilities when using these AI tools.

Malicious Google Ad Targets Claude Code Installation
A malicious Google ad appears as the top result for 'install claude code' searches, attempting to trick users into running suspicious terminal commands. The ad was still active as of March 15, 2026, and the author narrowly avoided executing the code.

Architectural fix for AI agent over-centralization: separating memory, execution, and outbound actions
A developer realized their AI assistant was becoming an 'internal autocrat' by handling long-term memory, tool access, and autonomous decisions in one component. The solution involved separating the system into three roles: private controller, scoped workers, and outbound gate.