26.5.2 API wrapper implementations

2025.10.06.
AI Security Blog

An API wrapper serves as a critical intermediary between user-facing applications and the underlying AI model service. By routing all traffic through this controlled gateway, you create a strategic chokepoint for enforcing security policies, monitoring behavior, and sanitizing data. This is not merely a proxy; it’s an active defense mechanism that inspects and transforms requests and responses.

API Wrapper Data Flow Diagram User/App API Wrapper AI Model API Request Sanitized Request Filtered Response

Core Components of a Secure Wrapper

A robust wrapper is more than a simple passthrough. It should be built with several distinct security functions in mind. Below are Python-based examples demonstrating the implementation of these key components.

Kapcsolati űrlap - EN

Do you have a question about AI Security? Reach out to us here:

1. The Basic Wrapper Structure

At its heart, the wrapper is a class that encapsulates the logic for interacting with the AI service. It abstracts away the direct API client and exposes a controlled method for generating completions.

import os
from some_ai_provider import AIModelClient

class SecureAIWrapper:
    def __init__(self):
        # Initialize the actual client to the AI service
        self.api_key = os.getenv("AI_API_KEY")
        self.client = AIModelClient(api_key=self.api_key)

    def generate_completion(self, user_prompt: str):
        # This method will house our security controls
        sanitized_prompt = self._sanitize_input(user_prompt)
        
        if sanitized_prompt is None:
            return "Input rejected due to security policy."

        response = self.client.create(prompt=sanitized_prompt)
        filtered_response = self._filter_output(response)
        
        return filtered_response

2. Request Interception and Sanitization

Before the prompt ever reaches the model, the wrapper must inspect it for malicious patterns. This is your first line of defense against prompt injection, denial-of-service via resource-heavy prompts, and policy violations.

import re

class SecureAIWrapper:
    # ... (init method from before) ...

    def _sanitize_input(self, prompt: str):
        # Basic check for length to prevent resource exhaustion
        if len(prompt) > 2048:
            # Log this attempt
            return None

        # Denylist for common jailbreak phrases
        denylist = [
            r'ignore previous instructions',
            r'act as DAN'
        ]
        
        for pattern in denylist:
            if re.search(pattern, prompt, re.IGNORECASE):
                # Log the specific pattern matched
                return None
        
        return prompt

3. Response Filtering and Redaction

After the model generates a response, the wrapper must inspect it before returning it to the user. This step is crucial for preventing data leakage of PII, credentials, or proprietary information that the model might have been trained on or hallucinated.

import re

class SecureAIWrapper:
    # ... (other methods) ...

    def _filter_output(self, response_text: str):
        # Simple regex for PII redaction (example for email)
        email_pattern = r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,}'
        redacted_text = re.sub(email_pattern, '[REDACTED_EMAIL]', response_text)

        # Filter for sensitive keywords
        sensitive_keywords = ['internal_api_key', 'confidential']
        for keyword in sensitive_keywords:
            if keyword in redacted_text:
                # Log and potentially block the entire response
                return "[Response blocked due to sensitive content]"

        return redacted_text

4. Rate Limiting and Access Control

To prevent abuse and ensure service availability, the wrapper should enforce rate limits. This can be done on a per-user, per-IP, or per-API-key basis. A token bucket algorithm is a common and effective approach.

import time

# This is a conceptual example, a real implementation would use a
# persistent store like Redis for the token buckets.
token_buckets = {} # key: user_id, value: (tokens, last_refill_time)

def is_rate_limited(user_id: str):
    RATE = 10  # tokens per minute
    CAPACITY = 20 # max tokens
    
    now = time.time()
    tokens, last_refill = token_buckets.get(user_id, (CAPACITY, now))

    # Refill tokens based on elapsed time
    elapsed = now - last_refill
    tokens += elapsed * (RATE / 60)
    if tokens > CAPACITY:
        tokens = CAPACITY
    
    if tokens >= 1:
        tokens -= 1
        token_buckets[user_id] = (tokens, now)
        return False # Not limited
    else:
        return True # Limited

Connecting Wrapper Functions to Security Threats

The wrapper’s functions directly map to defensive strategies against common AI vulnerabilities. Understanding this relationship helps prioritize implementation efforts.

Wrapper Function Primary Threat Mitigated Secondary Threats
Request Sanitization Prompt Injection / Jailbreaking Denial of Service (Resource Exhaustion)
Response Filtering Sensitive Data Leakage (PII, secrets) Harmful or Toxic Content Generation
Rate Limiting Denial of Service (Economic/Volumetric) Automated Scraping, Brute-force Attacks
Centralized Auditing Threat Detection & Analysis Compliance, Incident Response
Error Handling Information Disclosure (Stack traces, config) System Probing, Reconnaissance

By implementing these components within a dedicated API wrapper, you create a hardened, observable, and controllable interface to your AI models. This shifts security from being an afterthought to a foundational part of your AI system architecture.

26.5.1. Cloud Service Integrations

2025.10.06.

26.5.3 Monitoring dashboard code

2025.10.06.

Contact

Attila Rácz-Akácosi, AI Security Strategy Consultant, Aiq.hu ©

Send an email with the details, and I will help you outline concrete steps toward safer AI operation.
Ai Red Teaming Hungary, Global Ai Safety / LLM Security Audit

Ai Red Teaming Dictionary

AI Security Audit - Checklist