you dont know which prompt activates the backdoor, how can you firewall it if you run the model in production?