PromptGuard is a single-file AI security platform that scans user prompts in real-time and classifies them as SAFE, SUSPICIOUS, or DANGEROUS.
๐ก๏ธ PromptGuard โ AI Prompt Security Platform
Real-time AI prompt threat detection powered by RAG, Groq, and llama-3.3-70b-versatile.
๐ Overview
PromptGuard is a single-file AI security platform that scans user prompts in real-time and classifies them as SAFE, SUSPICIOUS, or DANGEROUS. It uses Retrieval-Augmented Generation (RAG) to ground every verdict in your own security policy โ uploading your rules once lets the system cite the exact policy clause violated in each scan.
Built entirely in vanilla HTML/CSS/JS with zero dependencies, it deploys to Netlify in under 60 seconds.
โจ Features
| Feature | Description | |---|---| | ๐ Real-time Prompt Scanning | Classifies any prompt instantly with threat type, severity, and confidence | | ๐ RAG-powered Policy Grounding | Embeds your security policy and retrieves relevant chunks via cosine similarity | | ๐ค llama-3.3-70b-versatile | State-of-the-art LLM analysis running on Groq's ultra-fast inference API | | ๐งฎ 768-dim Vector Embeddings | Uses nomic-embed-text-v1_5 for high-quality semantic search | | ๐ฌ Policy Q&A Chatbot | Ask natural language questions about your AI governance rules | | ๐ Scan History & Stats | Tracks all scans with verdicts, timestamps, and RAG grounding status | | โก Zero Dependencies | Pure HTML/CSS/JS โ no build step, no framework, no npm install |
๐จ Threat Detection Categories
- Prompt Injection โ Hidden instructions that attempt to override system rules
- Jailbreak โ Role-play or fictional framing used to bypass safety guidelines
- Data Exfiltration โ Requests to extract API keys, credentials, or context data
- Social Engineering โ Emotional manipulation to extract sensitive information
- Policy Bypass โ Attempts to circumvent your organization's AI usage policy
- PII Exposure โ Prompts containing or requesting personally identifiable information
๐๏ธ Architecture
User Prompt
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ RAG Retrieval Layer โ
โ Query โ nomic-embed-text (768-dim) โ
โ โ Cosine Similarity โ Top-K Chunks โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Relevant Policy Context
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ llama-3.3-70b-versatile โ
โ (via Groq API) โ
โ Structured JSON verdict output โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
SAFE / SUSPICIOUS / DANGEROUS
+ Threat Type + Severity + Policy Citation
๐ Getting Started
Prerequisites
- A free Groq API key โ takes ~30 seconds to create
Setup
1. Clone the repository
git clone https://github.com/your-username/promptguard.git cd promptguard
2. Add your Groq API key
Open index.html and replace the placeholder on this line:
const GROQKEY = "YOURGROQAPIKEY_HERE";
3. Open in browser
# Just open the file โ no server needed open index.html
That's it. No npm install, no build step.
โ๏ธ Deploy to Netlify
1. Push the repository to GitHub
- Go to netlify.com โ "Add new site" โ "Import from Git"
- Select your repo โ Netlify auto-detects the HTML file
- Click Deploy
Your site is live in under 60 seconds. Set the GROQ_KEY as a Netlify environment variable if you want to avoid committing it.
๐๏ธ Project Structure
promptguard/
โ
โโโ index.html # Entire application โ UI, logic, RAG pipeline
โโโ README.md # This file
๐ Usage Guide
1 โ Scan a Prompt
Paste any AI prompt into the text area and click Analyze prompt. Use the sample chips to quickly load example attacks (injection, jailbreak, exfiltration, social engineering).2 โ Build a Knowledge Base (RAG)
Go to the Knowledge base tab. Choose a built-in policy template:- OWASP LLM Top 10 โ industry-standard LLM security rules
- Corporate AI Policy โ enterprise AI usage guidelines
- Healthcare / HIPAA โ PHI and compliance requirements
nomic-embed-text-v1_5. Once built, all future scans are grounded in your policy.
3 โ Policy Chat
Go to the Policy chat tab and ask natural language questions like:- "What does our policy say about API keys in prompts?"
- "Which OWASP rule covers jailbreak attempts?"
- "What are the penalties for a data exfiltration attempt?"
4 โ Review History
The History tab shows all past scans with verdicts, timestamps, and whether RAG grounding was active. Click any entry to re-analyze it.๐ง Tech Stack
| Layer | Technology | |---|---| | LLM | Meta llama-3.3-70b-versatile | | Inference | Groq API | | Embeddings | nomic-embed-text-v1_5 (768-dim) | | Vector Search | In-browser cosine similarity | | Frontend | Vanilla HTML / CSS / JavaScript | | Deployment | Netlify |
๐ฅ Team
| Name | Role | Handle | |---|---|---| | Mirza Yasir Abdullah Baig | Project Lead | @mirzayasirabdullahbaig | | Sadia Usman | AI Engineer | @Frost_Flashlog3 | | Nazish Javeed | Backend Developer | @Nazishjaveed | | Hira Mujeeb | UI/UX Developer | @Mystic_Tintp1t7 | | Hamna Munir | Security Analyst | @HamnaMunir |
โ๏ธ Configuration
| Variable | Location | Description | |---|---|---| | GROQ_KEY | index.html line ~180 | Your Groq API key | | BATCH | buildKB() function | Embedding batch size (default: 8) | | k in retrieve() | analyze() / sendChat() | Number of retrieved chunks (default: 3โ4) | | maxTokens | groqChat() | Max LLM output tokens (default: 600) |
๐ Security Notes
- Never commit your Groq API key to a public repository. Use environment variables or Netlify's secret management.
- All vector search and chunking happens client-side in the browser โ your policy text is never sent to any server other than Groq's embedding API.
- The app makes direct browser-to-Groq API calls. For production use, consider proxying through a backend to keep the API key server-side.
๐ License
MIT License โ free to use, modify, and distribute.