diff --git a/src/app/api/ai-event/route.ts b/src/app/api/ai-event/route.ts
index 5afd938..b80c394 100644
--- a/src/app/api/ai-event/route.ts
+++ b/src/app/api/ai-event/route.ts
@@ -16,6 +16,20 @@ export async function POST(request: Request) {
 const { prompt } = await request.json();
+ // Validate prompt input
+ if (!prompt || typeof prompt !== "string" || prompt.trim().length === 0) {
+ return NextResponse.json(
+ { error: "Prompt is required and must be a non-empty string" },
+ { status: 400 }
+ );
+ }
+ if (prompt.length > 2000) {
+ return NextResponse.json(
+ { error: "Prompt must be less than 2000 characters" },
+ { status: 400 }
+ );
+ }
+
 const systemPrompt = ` You are an assistant that converts natural language into an ARRAY of calendar events. TypeScript type:
diff --git a/src/app/api/ai-summary/route.ts b/src/app/api/ai-summary/route.ts
index 0de481b..6268532 100644
--- a/src/app/api/ai-summary/route.ts
+++ b/src/app/api/ai-summary/route.ts
@@ -23,6 +23,12 @@ export async function POST(request: Request) {
 { status: 400 },
 );
 }
+ if (events.length > 100) {
+ return NextResponse.json(
+ { error: "Events array must contain 100 or fewer items" },
+ { status: 400 },
+ );
+ }
 const res = await fetch("https://openrouter.ai/api/v1/chat/completions", {
 method: "POST",
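Review bot: In ai-event/route.ts the length check and its message disagree at the boundary: `prompt.length > 2000` accepts a prompt of exactly 2000 characters while the error says it must be less than 2000, so either use `>= 2000` or reword to `"Prompt must be 2000 characters or fewer"`, matching the ai-summary wording. The emptiness test uses `prompt.trim()` but the cap is applied to the untrimmed string, so decide which form is forwarded to the model and measure that one. Both checks run after `await request.json()` and the destructuring, so a malformed or `null` JSON body only gets a 400 if the surrounding code, which lies outside this hunk, catches the throw. A comment such as `// Cap prompt size to bound model cost; this is not a defence against prompt injection` would keep the check from being read as content filtering.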
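Review bot: In ai-summary/route.ts, capping `events.length` at 100 bounds the number of items but not their size, so a single event with a very long title or description can still produce an arbitrarily large payload for the upstream completion call that follows. If the intent is to bound cost and request size, add a serialized-size check next to it, e.g. `if (JSON.stringify(events).length > MAX_EVENTS_CHARS) { /* return 400 */ }`, where `MAX_EVENTS_CHARS` is a placeholder for a limit the project chooses. The check preceding this one starts outside the hunk, so it cannot be seen here whether `events` is already confirmed to be an array rather than a string, which also has `.length`. The literal `100` would read better as a named constant that the error message is built from.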