Prevent prompt injection. safe_tokenization: true Keep your system yours. https://t.co/PdDHrOuTkM
Fireworks AI Adds Safe Tokenization to Stop Users Overriding System Prompts
Fireworks AIFireworks AI introduced an opt-in safe_tokenization flag that prevents user input from being parsed as model control tokens. This update addresses a fundamental security flaw in open-weights inference where malicious text can forge turn boundaries to bypass system instructions. By separating user content from structural code at the tokenizer level, developers can ensure their core product logic remains authoritative.
safe_tokenization flag to prevent prompt injection (a vulnerability where malicious input overrides model instructions). The feature ensures user-provided strings are encoded as harmless subwords rather than structural control tokens that define turn boundaries.Most open-weights models rely on standard tokenization pipelines that merge system prompts and user text into a single string, creating a security risk. This update follows the platform's expansion of hosted models, including Kimi via Day-0 Kimi K2.6 support and DeepSeek via DeepSeek V4 Pro.
You can enable the defense by adding safe_tokenization: true to any Chat Completions API request. The feature is live for all supported models, including Llama, and mirrors Alibaba's Qwen 3.5 integration. The defense maintains identical behavior for benign inputs and is currently an opt-in boolean.
Still wondering? A few quick answers below.
Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →
