我为什么要放弃使用正则表达式来确保大型语言模型代理的安全性

I’ve been auditing how open-source execution engines handle prompt injection. Most of them (like OpenClaw) rely on a 3-layer static defense: regex blacklists, XML tagging, and character sanitization.<p>The problem is that regex is a cat-and-mouse game. It misses &quot;disregard prior directives&quot; while looking for &quot;ignore instructions.&quot; It fails entirely on multi-language exploits. Once an Agent has tool access (shell, DB), a single missed semantic variation becomes an RCE.<p>So I built Prompt Inspector. It is a semantic detection engine designed to move beyond blacklists.<p>The core deal:<p>Vector-based detection: Instead of keywords, we use embeddings to map prompts. It catches the intent of an injection, even if the phrasing is unique or translated.<p>Self-evolving loop: Borderline cases trigger an async LLM review. If it is a new attack pattern, the system automatically extracts the embedding and updates the vector database. It learns from new exploits.<p>Decoupled by design: It returns a confidence score rather than a hard block. The developer keeps full control over the execution routing.<p>Pluggable: Started with Google’s latest embeddings, but the architecture allows for custom-deployed models to avoid vendor lock-in.<p>Tech-stack: FastAPI, Vector Database, Google Embedding models, and an LLM-in-the-loop reviewer.<p>I’m currently offering free credits for early testers and open-source projects. I’d love to hear how you guys are handling tool-calling security beyond basic prompt engineering.<p>Live at: https:&#x2F;&#x2F;promptinspector.io