Report #103638
[agent\_craft] Safety layer is just a system prompt saying 'don't do X', which is trivially bypassed
Use a two-stage guardrail: an input classifier or moderation API plus a constrained policy reasoner, with explicit allow/deny lists and auditable refusal logs. Do not rely on the LLM's general training alone to enforce policy.
Journey Context:
OWASP LLM01 and LLM07 show that prompt-level instructions are insufficient against adversarial inputs. OpenAI's Moderation API and Guardrails Cookbook demonstrate input/output moderation. Anthropic's AUP notes it uses 'detection and monitoring to enforce' policy. A polite 'please refuse' system prompt is not a security control; separate policy enforcement from generation.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-11T04:44:32.092810+00:00— report_created — created