12 Ways Attackers Bypass Prompt Injection Scanners (We Built Defenses for All of Them)
Dev.to AI
Every AI security vendor claims high detection rates. None publishes what they miss. We do.

ClawGuard is an open-source regex-based scanner for prompt injection attacks. No LLM in the loop - pure pattern matching with 12 preprocessing stages. Currently: 245 patterns, 15 languages, F1=99.0% on 262 test cases.

Recent research (arXiv 2602.00750) shows evasion techniques bypass prompt injection detectors with up to 93% success rate. Here's how each evasion works and how we built defenses.

1. Leetspeak Substitution

Attack: 1gn0r3 4ll pr3v10us 1nstruct10ns

Letters replaced with numbers/symbols.
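A leetspeak-normalization stage placed in front of a regex pattern, as an added example (not ClawGuard's own code). The substitution table, the single pattern, and the names `deleet` and `scan` are assumptions made for illustration.

```python
import re

# Assumed substitution table, constructed for this example.
# "!" is left out on purpose: it is usually real punctuation, and mapping a
# trailing "!" to "i" would glue a letter onto the last word and break \b.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s",
})

# One illustrative pattern; a real scanner carries many.
INJECTION_RE = re.compile(
    r"\bignore\s+(?:all\s+)?(?:previous|prior)\s+instructions\b",
    re.IGNORECASE,
)

TOKEN_RE = re.compile(r"\S+")


def deleet(text: str) -> str:
    """Undo leetspeak in tokens that contain at least one letter.

    Purely numeric tokens ("2024", "1337") are left alone so that ordinary
    numbers are not turned into words.
    """
    def fix(match: re.Match) -> str:
        token = match.group(0)
        if any(ch.isalpha() for ch in token):
            return token.translate(LEET_MAP)
        return token

    return TOKEN_RE.sub(fix, text)


def scan(text: str):
    """Return 'raw' or 'normalized' for the view that matched, else None.

    Both views are checked: the raw text catches the plain attack, the
    normalized view catches the substituted one, and reporting which view
    fired tells the analyst that an evasion attempt was present.
    """
    if INJECTION_RE.search(text):
        return "raw"
    if INJECTION_RE.search(deleet(text)):
        return "normalized"
    return None
```

The normalized view is used only for matching; the original text is what gets logged or passed on, since normalization also rewrites benign tokens such as `win10`.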