ZeroLeaks
Platform

Auto Prompt Hardening

AI-generated hardened prompts, validation loop, and how to use the hardened prompt from the report.

Auto Prompt Hardening

After a scan completes, ZeroLeaks can automatically generate a hardened version of your system prompt and validate it with a re-scan. This section explains how it works.

Overview

Hardening uses an AI security engineer persona to:

  1. Analyze successful attack vectors from the scan
  2. Generate a hardened prompt that addresses those vectors
  3. Re-run the scan on the hardened prompt
  4. Repeat up to 2 rounds if the score does not meet the threshold

The hardened prompt is designed to preserve your original intent while adding security rules and defensive instructions.

Validation Loop

The validation loop runs after hardening is generated:

  1. Round 1: The hardened prompt is scanned (extraction, injection, or both, depending on scan mode). The score is recorded.
  2. Threshold check: If the score is 80 or higher, the loop stops. The hardened prompt is considered validated.
  3. Round 2 (if needed): If the score is below 80, the AI generates a new hardened prompt targeting the remaining weak spots. The re-hardened prompt is scanned again.
  4. Completion: The loop stops after 2 rounds or when the threshold is met. No further rounds are run.

Threshold

The hardening target is a score of 80 or higher. A score of 80 indicates the prompt is reasonably secure against the tested attacks. You can still improve further by manually refining based on recommendations.

Before and After Scores

The report shows:

  • Before score: Your original prompt's score from the initial scan
  • After score: The score of the hardened prompt after validation
  • Improvement percentage: How much of the "headroom" (100 - before) was recovered

If validation fails (e.g., all rounds error or the score regresses), the report still includes the hardened prompt and the last round's results. You can use it as a starting point for manual edits.

Copying the Hardened Prompt

The hardened prompt is in the report under Prompt Remediation or Hardening. You can:

  1. Expand the hardened prompt section
  2. Click Copy to copy the full text
  3. Paste it into your application's system prompt configuration

The report may also include a GitHub patch or additions for applying the changes to a specific file. Use these if you store prompts in version-controlled files.

Regression Handling

If a validation round produces a score lower than the previous round (beyond a small tolerance), the loop treats it as a regression. The previous prompt is retained, and the loop stops. This prevents over-hardening that degrades behavior.

When Hardening Runs

Hardening runs automatically when:

  • The scan completes (Full, extraction, or injection)
  • The scan produced findings or injection successes
  • The worker has capacity to run the validation loop

Hardening may be skipped if the hardened prompt is empty, too short, or if generation fails. In that case, the report still includes recommendations for manual hardening.

Attack Categories

The 19 attack categories ZeroLeaks uses for extraction and injection testing.

Scoring

How ZeroLeaks calculates security scores and vulnerability classifications.

On this page

Auto Prompt HardeningOverviewValidation LoopBefore and After ScoresCopying the Hardened PromptRegression HandlingWhen Hardening Runs