Abstract

The rapid integration of large language models (LLMs) into web-based applications has introduced new security vulnerabilities, with prompt injection attacks emerging as a critical threat vector. These attacks manipulate model outputs by embedding malicious instructions or misleading context within user inputs or system prompts. This paper reviews the landscape of prompt injection threats in the context of LLM APIs deployed via web interfaces, highlighting their implications on model integrity, trustworthiness, and data privacy. The study explores existing detection mechanisms, including static input validation, output filtering, and adversarial input testing, and evaluates their limitations in adaptive web environments. Emphasis is placed on a novel defensive paradigm—context-aware token sanitization—which leverages semantic context tracking, dependency parsing, and transformer-based anomaly detection to neutralize injection attempts before model execution. Through comparative analysis and architectural frameworks, the paper outlines design considerations for secure LLM API deployment. Finally, future directions for integrating robust, real-time sanitization with federated logging and compliance auditing are proposed, paving the way for secure and reliable web-based LLM systems.