Ship AI with Laravel: I Tricked My Own AI Into Leaking Everything
Published on by Harris Raftopoulos
▶️ Watch the video tutorial (13 minutes)
Before we secure anything, I show you how bad it can get. With the right sequence of messages, I socially engineer our own support agent into handing over its entire system prompt, its list of tools, and its internal instructions. Then I point the order lookup tool at an order that isn't mine and it returns another customer's data without hesitation. Both of these are real vulnerabilities that ship in AI apps every single day.
Then we fix them with four layers of defense.
The first layer is the prompt itself. I add explicit security boundaries so the agent refuses to reveal its prompt, tools, or any sensitive data, and treats anyone claiming to be an employee as a regular customer. It helps, but a determined attacker can still talk their way around a prompt, so we don't stop there.
The second layer is a local LLM guard. I use Ollama running Llama 3.2 to build a separate prompt-guard agent whose only job is to classify each incoming message as safe or unsafe and return that as JSON. I wire it in as middleware so unsafe messages get blocked before they ever reach the main agent. Because it runs locally, this screening costs nothing per request.
The third layer is tool-level authorization. I scope the order lookup tool to the authenticated user so it physically cannot return anyone else's orders, no matter what order ID gets passed in. This is the fix that actually closes the data leak.
The fourth layer is output filtering. A safety net middleware that scans responses and redacts patterns like SSNs, credit card numbers, and API keys before anything leaves the system.
By the end the agent is genuinely hard to break. And that closes out the series. We went from composer require laravel/ai to a production-ready, tested, secure AI platform across eleven episodes.
Thanks for building along. If you're just finding this now, start at Episode 1 and work through, every episode builds on the last.