ISVforce Guide

ISVforce Guide: Build and Distribute AppExchange Solutions
Get Ready to Distribute on AppExchange
Use Managed Packages to Develop Your AppExchange Solution
Manage Orgs with Environment Hub
Architectural Considerations for Group and Professional Editions
Security Requirements for AppExchange Partners and Solutions
Security Policy Requirements
Prevent Secure Coding Violations
Secure Your B2C Commerce Solution
Secure Your Tableau Accelerator
Secure Your Agentforce Solution
Secure Your Agentforce Custom Actions
Secure Your Agentforce Prompts
Design Security-Hardened Prompts
Validate User-Controlled Data Added to a Prompt
Use Random Sequence Enclosures and Prompt Sandwiching
Prompt Injection Mitigation Resources
Pass the AppExchange Security Review
Manage Your AppExchange Listings
Sell on AppExchange with Checkout
Report Orders to Salesforce with the Channel Order App
Provide Free Trials of Your AppExchange Solution
OEM User License Guide
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Use Random Sequence Enclosures and Prompt Sandwiching

If untrusted or user-controlled data is included in a prompt, use a secure random-sequence enclosure to clearly segment the data from other instructions in the prompt. The goal is to prevent an attacker from guessing the random sequence.

While you can segment the data using symbols, such as “””<user input>”””, this isn’t a security best practice. Instead, use a random-sequence enclosure, such as AK6524SH_YTHW923 <data> AK6524SH_YTHW923. This makes it harder for an attacker to break out of the data enclosure and jailbreak the prompt.

To implement a random-sequence enclosure:

  • Generate a random set of tokens to use for each untrusted data enclosure. Make the token long enough that an attacker can't guess or infer it. Generate the token with a secure random source.
  • Use a new random token sequence for each prompt inference operation.
  • In your prompt instructions, clearly indicate what the random-sequence enclosure is and the data it contains.

You can also reinforce instructions for the LLM by placing prompt instructions before and after the untrusted data in the prompt. This mitigation strategy is called prompt sandwiching. The Sandwich Defense by Learn Prompting has an example.