in general these types of attacks are still difficult to solve, because there are a lot of different ways they can be formulated. llm based security is still and unknown, but mostly i have seen people using intermediary steps to parse question intent and return canned responses if the question seems outside the intended modality.