Malicious Links
Malicious Link Detection identifies and validates URLs in LLM outputs to protect users from phishing, malware, and other harmful websites.
The Risk
Section titled “The Risk”LLMs can include URLs in their responses from:
- Training data — Memorized URLs that may now be compromised
- User requests — “Generate a link to…” prompts
- Injected content — Attackers embedding malicious links
These URLs may lead to:
- Phishing sites
- Malware downloads
- Compromised domains
- Typosquatting attacks
Detection Approach
Section titled “Detection Approach”Glitch uses a multi-layer approach:
1. Known Malicious Domains
Section titled “1. Known Malicious Domains”Block URLs from domains on threat intelligence feeds.
2. Unknown Domain Flagging
Section titled “2. Unknown Domain Flagging”Flag URLs from domains not in your known-safe list for review.
3. Pattern Analysis
Section titled “3. Pattern Analysis”Detect suspicious URL patterns (unusual TLDs, excessive subdomains, URL shorteners).
Configuration
Section titled “Configuration”Basic Link Protection
Section titled “Basic Link Protection”{ "output_detectors": [ { "detector_type": "unknown_links", "threshold": "L2", "action": "flag" } ]}Strict Link Protection
Section titled “Strict Link Protection”{ "output_detectors": [ { "detector_type": "unknown_links", "threshold": "L3", "action": "block" } ], "allow_list": { "entries": [ "*.yourcompany.com", "github.com", "docs.python.org" ], "match_type": "wildcard" }}Threshold Behavior
Section titled “Threshold Behavior”| Level | Behavior |
|---|---|
| L1 | Only flag known malicious URLs |
| L2 | Flag known malicious + highly suspicious patterns |
| L3 | Flag all unknown domains |
| L4 | Flag all URLs not in allow list |
Detection Examples
Section titled “Detection Examples”Output: "Download from http://malware-site.ru/file.exe"
Detection: unknown_linksConfidence: 0.99Action: BLOCKED
Note: Domain is on threat intelligence blocklist.Output: "Check out https://goggle.com for more info"
Detection: unknown_linksConfidence: 0.85Action: FLAGGED
Note: Similar to legitimate domain (google.com).Output: "Visit https://bit.ly/abc123 for details"
Detection: unknown_linksConfidence: 0.70Action: FLAGGED (at L2)
Note: URL shorteners hide the true destination.Output: "See the docs at https://docs.yourcompany.com/guide"
Detection: unknown_linksConfidence: 0.0 (allow-listed)Action: ALLOWED
Note: Domain matches allow list pattern.Allow List Configuration
Section titled “Allow List Configuration”Define safe domains to bypass link detection:
Exact Match
Section titled “Exact Match”{ "allow_list": { "entries": [ "docs.yourcompany.com", "github.com" ], "match_type": "exact" }}Wildcard Match
Section titled “Wildcard Match”{ "allow_list": { "entries": [ "*.yourcompany.com", "*.github.com", "*.python.org" ], "match_type": "wildcard" }}Deny List for Known Bad Domains
Section titled “Deny List for Known Bad Domains”Block specific domains regardless of threat intelligence:
{ "deny_list": { "entries": [ "competitor-scam.com", "*.suspicious-tld.xyz" ], "match_type": "wildcard" }}Response Handling
Section titled “Response Handling”Blocked Link
Section titled “Blocked Link”HTTP/1.1 403 ForbiddenX-Risk-Blocked: trueX-Risk-Categories: unknown_linksX-Risk-Confidence: 0.95
{ "error": { "message": "Response blocked: malicious URL detected", "type": "link_safety", "code": "malicious_link_detected" }}Flagged Link
Section titled “Flagged Link”HTTP/1.1 200 OKX-Risk-Blocked: falseX-Risk-Categories: unknown_linksX-Risk-Confidence: 0.70Content is delivered but your application can:
- Show a warning before users click
- Require confirmation for unknown links
- Log for security review
Best Practices
Section titled “Best Practices”1. Start with Flagging
Section titled “1. Start with Flagging”Begin by flagging unknown links to understand your baseline:
{ "output_detectors": [ { "detector_type": "unknown_links", "threshold": "L2", "action": "flag" } ]}Review flagged links to build your allow list.
2. Build an Allow List
Section titled “2. Build an Allow List”Identify domains your application should link to:
{ "allow_list": { "entries": [ "*.yourcompany.com", "docs.python.org", "github.com", "stackoverflow.com" ], "match_type": "wildcard" }}3. Consider Use Case
Section titled “3. Consider Use Case”| Application Type | Recommendation |
|---|---|
| Internal tool | L3-L4 + strict allow list |
| Customer support | L2 + allow list of your domains |
| Creative writing | L2 (flag only, don’t block) |
| Children’s app | L4 + minimal allow list |
4. Handle URL Shorteners
Section titled “4. Handle URL Shorteners”URL shorteners (bit.ly, t.co) hide destinations. Options:
- Block all shortened URLs (strict)
- Flag for review (moderate)
- Allow only from specific shorteners (permissive)
{ "deny_list": { "entries": ["bit.ly/*", "tinyurl.com/*", "t.co/*"], "match_type": "wildcard" }}Limitations
Section titled “Limitations”Next Steps
Section titled “Next Steps”- Allow & Deny Lists — Configure domain lists
- Prompt Defense — Prevent injection attacks
- Custom Detectors — Add domain-specific rules