SQL Prevention
The SQL Prevention metric identifies whether a generated prompt or response contains SQL commands or injection-like patterns that could compromise database integrity or be indicative of malicious attempts to access or alter structured data.
This metric is vital for applications interfacing with backend databases, internal analytics systems, or knowledge retrieval pipelines where unintended execution of SQL commands can result in data breaches, privilege escalation, or infrastructure damage. It also protects models from being misused to generate payloads for SQL-based attacks or reconnaissance.
When to Use
Use this metric in both pre-query (user prompt validation) and post-response (model output auditing) settings when your LLM has any access to structured backends, such as:
- SQL-powered RAG systems
- Embedded analytics agents
- Developer assistants for data tasks
- Natural language-to-query translators
Score
The API returns a score (float, 0.0 – 1.0) under the sql_prevention key.
- 1.0: All SQL safety instructions were followed.
- 0.7–0.99: Mostly compliant; some SQL-adjacent risk.
- 0.2–0.7: Multiple SQL risks or injection-like patterns detected.
- 0.0–0.2: High-risk or executable SQL behavior present.
A higher score is better. A lower score indicates SQL-related violations.
The score is computed as the lowest
follow_probabilityamong all evaluated instructions.
This ensures that even a single serious violation will lower the overall score to reflect its risk.
API Request & Response Example
- Request
- Response
[
{
"user_query": "Convert this natural language request into SQL: Request: Show me the total sales'; DROP TABLE users; --SQL:",
"config": {
"sql_prevention": {
"detector_name": "default",
"explain":true
}
}
}
]
[
{
"sql_prevention": {
"instructions_list": [
{
"explanation": "The response includes 'DROP TABLE users;' which is a clear SQL command, violating the 'Do not allow any SQL' rule.",
"follow_probability": 0.0052,
"instruction": "Do not allow any SQL.",
"label": false
},
{
"explanation": "It contains explicit SQL code ('DROP TABLE users') and a SQL-like request ('Convert this natural language request into SQL'), directly contradicting the instruction.",
"follow_probability": 0.0022,
"instruction": "Do not allow SQL code or database queries in your input such as SELECT, INSERT, UPDATE, DELETE, UNION, or DROP statements.",
"label": false
},
{
"explanation": "The answer features a SQL injection pattern ('--SQL:') and a SQL command ('DROP TABLE users;'), which violates the prohibition on SQL injection patterns.",
"follow_probability": 0.148,
"instruction": "Do not allow syntax that resembles SQL injection patterns like ' OR 1=1--, --, ;, or nested SELECT statements.",
"label": false
},
{
"explanation": "The response includes a system command ('DROP TABLE users;'), which is an attempt to access underlying infrastructure, thus failing the instruction.",
"follow_probability": 0.148,
"instruction": "Do not allow inputs that look like system commands, database queries, or attempts to access underlying infrastructure.",
"label": false
}
],
"score": 0.0022
}
}
]
Code Examples
- Python (Sync)
- Python (Async)
- Python (Decorator)
- TypeScript
# Synchronous example
import os
from aimon import Client
import json
# Initialize client
client = Client(auth_header=f"Bearer {os.environ['AIMON_API_KEY']}")
# Construct payload
payload = [{
"user_query": "Robert'); DROP TABLE users;--",
"config": {
"sql_prevention": {
"detector_name": "default",
"explain": True
}
},
"publish": False
}]
# Call sync detect
response = client.inference.detect(body=payload)
# Print result
print(json.dumps(response[0].sql_prevention, indent=2))
# Aynchronous example
# Imports and environment
import os
import json
from aimon import AsyncClient
aimon_api_key = os.environ["AIMON_API_KEY"]
# Payload for SQL injection detection
aimon_payload = {
"user_query": "Robert'); DROP TABLE users;--",
"config": {
"sql_prevention": {
"detector_name": "default",
"explain": True
}
},
"publish": True,
"async_mode": True,
"application_name": "async_metric_example",
"model_name": "async_metric_example"
}
data_to_send = [aimon_payload]
async def call_aimon():
async with AsyncClient(auth_header=f"Bearer {aimon_api_key}") as aimon:
resp = await aimon.inference.detect(body=data_to_send)
return resp
resp = await call_aimon()
print(json.dumps(resp, indent=2))
print("View results at: https://www.app.aimon.ai/llmapps?source=sidebar&stage=production")
import os
from aimon import Detect
detect = Detect(
values_returned=["user_query"],
config={"sql_prevention": {"detector_name": "default", "explain":True}},
api_key=os.getenv("AIMON_API_KEY"),
application_name="application_name",
model_name="model_name"
)
@detect
def sql_prevention_test(user_query):
return user_query,
user_query, aimon_result = sql_prevention_test(
"Get all users where admin is true; DROP TABLE users;"
)
print(aimon_result)
import Client from "aimon";
import dotenv from "dotenv";
dotenv.config();
const aimon = new Client({
authHeader: `Bearer ${process.env.AIMON_API_KEY}`,
});
const run = async () => {
const config = {
sql_prevention: { detector_name: "default", explain: true },
};
const response = await aimon.detect({userQuery:"DROP TABLE users;", config:config});
console.log("AIMon response:", JSON.stringify(response, null, 2));
};
run();