Now open source — MIT licensed

Stop Prompt Injection.
Protect Your LLM.

WonderwallAi is an AI firewall SDK that blocks prompt injection, data leaks, and off-topic abuse. Runs locally with zero external API calls.

View on GitHub See Pricing
$ pip install wonderwallai
<2ms
Fast path latency
10+
API key patterns detected
59
Tests passing
4
Protection layers
How It Works

4 Layers of Protection

Each layer catches different threat categories. Most attacks never make it past Layer 1.

🎯
<2ms · Local

Semantic Router

Cosine similarity against your allowed topics using lightweight embeddings. No API call. Catches 90% of off-topic abuse.

🛡️
~100ms · LLM

Sentinel Scan

LLM binary classifier detects sophisticated injection. Only runs on messages that pass the semantic router.

🔒
<1ms · Local

Egress Filter

Catches leaked API keys, PII, and canary tokens in LLM responses. Redacts sensitive data automatically.

📄
<1ms · Local

File Sanitizer

Validates uploads by magic bytes and strips EXIF metadata. Prevents GPS and camera data from leaking.

  quickstart.py 
from wonderwallai import Wonderwall
from wonderwallai.patterns.topics import ECOMMERCE_TOPICS

wall = Wonderwall(topics=ECOMMERCE_TOPICS)

# Scan user input before it reaches your LLM
verdict = await wall.scan_inbound("How do I return this?")
if not verdict.allowed:
    return verdict.message  # User-friendly rejection

# Scan LLM output before it reaches the user
verdict = await wall.scan_outbound(llm_response, canary_token)
response = verdict.message  # Cleaned text (API keys/PII redacted)
Comparison

How We Stack Up

WonderwallAi was designed for developers who want control, speed, and privacy.

WonderwallAi Lakera Guard Guardrails AI LLM Guard
Latency <2ms (local) 50-200ms Varies Varies
Data privacy Never leaves your server Sent to third-party API Self-hosted possible Self-hosted
Integration effort 3 lines of code API key + HTTP calls Wrap entire pipeline Complex config
Topic enforcement Built-in semantic router No Via validators No
Canary tokens Built-in No No No
Offline capable Yes (fast path) No Partial Partial
Open source MIT Proprietary Apache 2.0 MIT
Pricing Free SDK + API from $0/mo Pay per request Free (self-host) Free (self-host)
Integrations

Works With Your Stack

Drop WonderwallAi into any Python application. Three deployment options, any LLM provider.

  fastapi_example.py
from fastapi import FastAPI
from wonderwallai import Wonderwall

app = FastAPI()
wall = Wonderwall(topics=["Order tracking", "Returns", "Product info"])

@app.post("/chat")
async def chat(message: str):
    verdict = await wall.scan_inbound(message)
    if not verdict.allowed:
        return {"error": verdict.message}

    response = await call_your_llm(message)
    clean = await wall.scan_outbound(response)
    return {"response": clean.message}
  flask_example.py
import asyncio
from flask import Flask, request, jsonify
from wonderwallai import Wonderwall

app = Flask(__name__)
wall = Wonderwall(topics=["Customer support", "Billing"])

@app.route("/chat", methods=["POST"])
def chat():
    message = request.json["message"]
    verdict = asyncio.run(wall.scan_inbound(message))
    if not verdict.allowed:
        return jsonify(error=verdict.message), 403

    response = call_your_llm(message)
    return jsonify(response=response)
  langchain_example.py
from langchain.chains import ConversationChain
from wonderwallai import Wonderwall

wall = Wonderwall(
    topics=["Product questions", "Pricing"],
    sentinel_api_key="gsk_...",
)

async def safe_chain_run(user_input: str, chain: ConversationChain):
    # Guard the input
    verdict = await wall.scan_inbound(user_input)
    if not verdict.allowed:
        return verdict.message

    # Run the chain
    result = chain.run(user_input)

    # Guard the output
    clean = await wall.scan_outbound(result)
    return clean.message
  terminal
# Use the hosted API — no SDK installation needed
curl -X POST https://wonderwallai-production.up.railway.app/v1/scan/inbound \
  -H "Authorization: Bearer ww_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"message": "How do I track my order?"}'

# Response:
# {"allowed": true, "action": "allow", "scores": {"semantic": 0.52}}
Built for Developers

Your Stack. Your Rules.

WonderwallAi is LLM-agnostic, framework-agnostic, and deploys anywhere Python runs.

🤖 Supported LLMs

OpenAI / GPT Anthropic / Claude Meta / Llama Google / Gemini Mistral Groq Ollama Any LLM

🚀 Deployment Options

Python SDK (pip install) Hosted REST API Docker Railway AWS / GCP / Azure Self-hosted

🔧 Framework Support

FastAPI Flask Django LangChain LlamaIndex Haystack Custom pipelines
What People Are Saying

Trusted by Developers

Early adopters and builders who use WonderwallAi in production.

"We integrated WonderwallAi into our customer service bot in under an hour. The semantic router alone caught 90% of the jailbreak attempts we were seeing."

JD
Your Name Here
CTO, AI Startup

"The canary token system is brilliant. Zero false positives, and we caught a system prompt extraction attempt on day one. Exactly what we needed."

SK
Your Name Here
Lead Engineer, SaaS Co.

"We switched from a hosted API scanner to WonderwallAi and dropped our scan latency from 150ms to under 2ms. Plus our user data never leaves our infra."

AR
Your Name Here
Security Lead, Fintech
Pricing

Simple, Transparent Pricing

Open-source SDK is free forever. Hosted API scales with you.

Free

$0/mo
For testing and side projects
  • 1,000 scans/month
  • 10 requests/minute
  • All 4 protection layers
  • Community support
Get Started Free
50% OFF

Starter

$29/mo
$29$14.50/mo
For growing applications
  • 50,000 scans/month
  • 60 requests/minute
  • Overage: $0.001/scan
  • Email support
Get Started
50% OFF
Most Popular

Pro

$99/mo
$99$49.50/mo
For production workloads
  • 500,000 scans/month
  • 200 requests/minute
  • Overage: $0.0005/scan
  • Priority support
Get Started
50% OFF

Business

$299/mo
$299$149.50/mo
For high-volume apps
  • 2,000,000 scans/month
  • 500 requests/minute
  • Overage: $0.0003/scan
  • Dedicated support + SLA
Get Started

Need more? Enterprise plans with unlimited scans, custom rate limits, and SLA guarantees.

FAQ

Frequently Asked Questions

Everything you need to know about WonderwallAi.

WonderwallAi is an open-source Python SDK that acts as a firewall for LLM applications. It scans user messages before they reach your LLM (blocking off-topic queries and prompt injection) and scans LLM responses before they reach users (redacting leaked API keys and PII). It works with any LLM provider and adds under 2ms latency on the fast path.
No. The SDK runs entirely in your process. The semantic router and egress filter are fully local with zero API calls. Only the optional Sentinel Scan (LLM-based classifier) makes an external API call to Groq, and you can disable it if you want fully offline operation. If you use the hosted API, data is processed on our servers and never stored.
All of them. WonderwallAi is LLM-agnostic. It sits between your user and your LLM as a middleware layer. It works with OpenAI, Anthropic, Google, Meta (Llama), Mistral, Groq, Ollama, and any other provider. You just call scan_inbound() before your LLM call and scan_outbound() after.
You define your allowed topics in plain English (e.g., "Order tracking", "Returns", "Product questions"). The router uses a lightweight embedding model (all-MiniLM-L6-v2, ~80MB) to compute cosine similarity between the user's message and your topics. If the highest similarity score is below your threshold, the message is blocked. This runs locally in under 2ms and catches 90%+ of off-topic abuse.
A canary token is a unique random string you inject into your LLM's system prompt with an instruction to never reveal it. WonderwallAi generates deterministic canary tokens per session and checks if they appear in the LLM's response. If one does, it means someone successfully extracted your system prompt — the response is hard-blocked. This has zero false positives and is the most reliable way to detect system prompt extraction.
Use the SDK if you want maximum privacy and minimum latency (messages never leave your server). Use the hosted API if you want a zero-dependency integration via HTTP calls, or if you're not using Python. Both provide the same protection layers. The SDK is free and open source. The hosted API has a free tier (1,000 scans/month) and paid plans for higher volume.
Yes. WonderwallAi was extracted from a production Shopify chatbot that handles real customer conversations. It has 59 tests, is fail-open by default (errors allow messages through rather than blocking users), and has been battle-tested against real prompt injection attempts. The SDK supports Python 3.10+.

Ready to Protect Your LLM?

Get started in under 5 minutes. Free forever for the SDK. No credit card required for the hosted API free tier.

See Pricing Read the Docs