LLM Security API — Protect Your AI Application in Production

Zentric Protocol's /v1/analyze endpoint combines prompt injection detection (22 signatures, 7 languages) and PII redaction (17 entity types) behind a single REST call. Mean server-side latency: 23.4 milliseconds. Every response is a deterministic verdict with a SHA-256 signed report, so the same prompt always produces the same result and any later audit can reproduce the decision.

The security problem in production LLMs

A production LLM application has three failure modes that show up almost simultaneously. The first is prompt injection — a user crafts an input that overrides the system prompt or tricks the model into ignoring its guardrails. The second is PII leakage — a user pastes personal data into the prompt and the model provider, the logging pipeline, or future fine-tuning sees it. The third is the audit gap — when an incident happens, the team has logs but no signed, immutable, reproducible record of what was sent to the model, when, and how it was judged.

Each of these is its own problem space. Combining them under one defensive layer is what most engineering teams need but rarely have time to build from scratch. The pattern that works is a single deterministic check that runs before the model invocation, returns a structured verdict, and emits an audit record by construction — not as a side-effect added later.

One endpoint, full coverage

The /v1/analyze endpoint accepts a JSON body with three fields: the input string to analyze, the modules to run (any combination of integrity and privacy), and an options object that controls language detection and redaction behavior. Authentication is a Bearer token issued from the Zentric dashboard.

The response is a JSON document with a top-level verdict — CLEARED, ANONYMIZED, or BLOCKED — and a nested report. The integrity object reports which injection signatures matched (if any) and the model's confidence. The privacy object reports detected PII entities with type, action, and position offsets. The compliance object summarizes the audit envelope. The report itself includes a report_id, a UUID, a SHA-256 hash of the report contents, a UTC timestamp, and the server-side latency_ms.

BLOCKED prevents the prompt from reaching the model. ANONYMIZED returns an anonymized_input the application forwards in place of the raw user text. CLEARED is the happy path. The three verdicts cover the full state space of every call.

Integration example — Node.js

The simplest integration is a thin wrapper that calls /v1/analyze before invoking your model. The example below uses Node's fetch, returns the anonymized prompt when PII was found, and throws when an injection signature matched or the analysis layer failed. Set the ZENTRIC_API_KEY environment variable to the value the dashboard issues.

// integrate.js — minimal LLM security gate
import fetch from 'node-fetch';

const ENDPOINT = 'https://api.zentricprotocol.com/v1/analyze';

export async function analyze(input) {
  const res = await fetch(ENDPOINT, {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${{process.env.ZENTRIC_API_KEY}}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      input,
      modules: ['integrity', 'privacy'],
      options: { language: 'auto' },
    }),
  });

  if (!res.ok) {
    // Fail closed: 5xx means we cannot trust the model invocation.
    throw new Error(`zentric error: ${{res.status}}`);
  }

  const data = await res.json();

  if (data.verdict === 'BLOCKED') {
    throw new Error(`injection detected: ${{data.report.integrity.signatures_matched.join(',')}}`);
  }

  // CLEARED → original input · ANONYMIZED → redacted input
  return {
    safeInput: data.anonymized_input || input,
    reportId: data.report.report_id,
    sha256: data.report.sha256,
    verdict: data.verdict,
    latencyMs: data.latency_ms,
  };
}

In the synchronous-gate pattern shown here, every prompt waits on the analysis call before the model is invoked. The mean overhead is roughly 23 milliseconds — small enough that most applications absorb it without user-visible impact. For latency-critical workloads, the same wrapper adapts to the asynchronous-audit pattern: fire the analysis call in parallel with the model call and use the verdict to populate the audit log after the fact.

The error path is intentionally explicit. A BLOCKED response throws, forcing the caller to handle the case. Hiding injection behind an empty string or a generic error makes the application harder to debug later — and harder to defend during a post-incident review.

Operational notes

Idempotency. The SHA-256 hash and report contents are deterministic for the same input and module set, so retries do not produce conflicting audit records.

Rate limits. The Free tier allows 2,000 requests per month; Growth allows 100,000; Enterprise removes the cap. Both quota and concurrency are enforced server-side and surface as HTTP 429 with a X-RateLimit-Remaining header.

Failure modes. The endpoint is designed to fail closed — on a 5xx response your application should treat the prompt as if BLOCKED rather than passing it through, because a transient error in the analysis layer cannot guarantee the integrity claim.

Logging. The four fields most worth keeping in your local audit table are report_id, sha256, verdict, and latency_ms. The report_id is sufficient to retrieve the full record later from Zentric's audit store if your tier includes long-term retention.

Performance and pricing

Across one million simulated requests, Zentric Protocol reports 99.62% overall precision, a 23.4 millisecond mean server-side latency, and a P99 under 100 milliseconds. The Free tier covers 2,000 requests per month with no credit card and is enough to exercise the full integration end-to-end. Growth at $499 per month covers 100,000 requests with the same module set. Enterprise at $2,500 per month removes the request cap and adds EU data residency, dedicated SLA, signed PDF integrity certificates, and priority support.