PROMPTSAGE
7-Layer Security Unicode Injection Defense Cross-Model Tested XML Behavioral Control Award-Winning Research
7-Layer Security Unicode Injection Defense Cross-Model Tested XML Behavioral Control Award-Winning Research
Now with Emoji Injection Defense

Stop AI From
Being Hijacked

PromptSage V2.5 is an XML framework that gives your AI actual rules it actually follows — 7 layers of behavioral control plus defense against attacks you can't even see.

See How It WorksRequest Early Access

Award-winning research

  • EU Green Innovation Days 2025
  • Irish Enterprise Awards 2026
  • Ethical AI Excellence 2026

The Problem

Your AI has no immune system

You wrote a beautiful system prompt. It took hours. Then someone typed 'ignore all previous instructions' and your AI did exactly that. This isn't a bug — it's the default.

90%+

Guardrail bypass rate

Unicode injection vs. major guardrails — arXiv:2504.11168

Critical

Prompt Injection

One clever message. That's all it takes to override everything you told your AI to do. Your assistant becomes the attacker's assistant. Game over.

New in V2.5

Invisible Attacks

An emoji walks into your prompt. Looks innocent. But it's carrying hidden instructions your eyes can't see — and your AI follows them blindly. This is real, and it works on everything.

Systemic

Inconsistent Behaviour

Your AI starts strong. By turn 15, it's forgotten half its instructions. By turn 30, it's making up its own rules. This isn't hallucination — it's policy drift, and every unstructured prompt does it.

How It Works

A rulebook for AI — that AI actually follows

Imagine your AI is a new hire. PromptSage is the employee handbook — except instead of hoping they read it, the handbook is wired into how they think. Seven layers, each one harder to break than the last.

Layer 1: Security Boundary

Rules that can never be broken

The foundation. No matter what a user types, no matter how clever the injection — these rules don't budge. Think of it as the AI's constitution. Everything else can be argued. This can't.

<security_boundary>
  Rules that can never be broken
</security_boundary>

Key insight: The architecture is self-reinforcing — it exploits how LLMs actually process instructions, not how we wish they would.

L1

Security Boundary

L1.5

Input Normalization (V2.5)NEW

L2

Identity

L3

Core Directives

L4

Mode Control

L5

Behavioral Protocols

L6

Customizable Defaults

L7

Structural Reinforcement

Layers 1 & 7 create structural redundancy — the architecture closes its own loop

New in V2.5

You can hack AI with emojis. We fixed it.

Unicode tag characters — invisible codepoints in the range U+E0000–U+E007F — can carry hidden instructions that look like harmless text but hijack AI behaviour. PromptSage V2.5 defends against this at the input layer.

What you see

Hello! 🙂 Can you help me with something?

Looks innocent. A user asking for help.

What the AI receives (decoded)

U+E0048HTag char: H
U+E0049ITag char: I
U+E0047GTag char: G
U+E004ENTag char: N
U+E004FOTag char: O
U+E0052RTag char: R
U+E0045ETag char: E
+ hidden instruction payload...

Hidden characters encode instructions humans cannot read.

The Defence: Input Normalisation Layer (Layer 1.5)

  1. Input arrives at PromptSage normalisation layer
  2. Unicode codepoint scanner detects tag characters (U+E0000–U+E007F)
  3. Invisible characters stripped before AI processes input
  4. Cleaned input forwarded to AI — injection neutralised

90%+ bypass

Emoji injection vs. tested guardrails (arXiv:2504.11168)

Blocked by PromptSage V2.5

Unicode normalisation catches it before it reaches the model

How It's Different

Not another prompt template

PromptSage is a structured framework with real security properties — not a collection of best-practice suggestions.

FeaturePromptSage V2.5UnstructuredDSPy / LMQLFine-Tuning
Behavioral control7-layer hierarchyImplicit / guessedTask-focusedModel-level
Injection defense5-layer + Unicode
Unicode injection defense
Setup timeMinutes (XML template)Minutes (unreliable)Hours (code)Days (data + compute)
Cross-model compatible
Cost$0 (prompt-only)$0$0$$$$ (compute)
Continuous compliance
Structural reinforcement

Where It Fits

For when getting it wrong isn't an option

If your AI handles exams, patients, customers, or enterprise data — you can't afford 'it usually works.' These are the environments PromptSage was built for.

Enterprise

  • Role-based access control for AI assistants
  • Audit trails baked into the architecture
  • Cross-model deployment without re-training
Discuss enterprise needs

The Receipts

Not a weekend project

Four years of research, 30+ academic citations, three awards, and five AI model families tested. PromptSage powers real production systems — including the ones that won these.

Awards

2025

EU Green Innovation Days 2025

1st place — NeuroBridgeEDU recognised for sustainable AI architecture in education

2026

Irish Enterprise Awards 2026

Best AI Innovation — NeuroBridge AI Labs, county Leitrim, Ireland

2026

Ethical AI Excellence Award 2026

Recognised for transparent, accountable AI system design and privacy-first architecture

Academic Research

Research paper (pre-publication)

755 lines

Citations & references

30+

Research foundation

Publication pending

Cross-Model Tested

  • Claude 3/4
  • GPT-4o
  • Gemini 1.5
  • Mistral 7B
  • Llama 3

Cross-Model Performance

How models perform with PromptSage

Composite scores across role adherence, injection resistance, XML compliance, and compliance verification. April 2026 model lineup.

Claude
GPT
Gemini
Other
Llama

Role Adherence

Maintaining persona under adversarial pressure

Injection Resistance

Blocking prompt injection with XML defense layers

XML Compliance

Parsing tags, attributes, and hierarchical rules

Compliance Verification

Continuous behavioral constraint enforcement

Weighted composite: Role Adherence (30%) + Injection Resistance (25%) + XML Compliance (25%) + Compliance Verification (20%). Data from PromptSage V2 cross-model testing, IFEval benchmarks, and PromptGuard study. Updated April 2026. Open-source model scores are estimates.

Let's talk

Your AI should work for you, not against you

Whether you want to understand the research, get PromptSage implemented in your system, or just want to nerd out about AI security — I'm here for all of it.

Get a Consultation
Request Early Access

Built by Emanuel Covasa — NeuroBridge AI Labs

County Leitrim, Ireland

security@emmi.zone