arXiv — Authenticated prompts & context for LLM security
• Category: Research
AI relevance: The paper targets prompt injection and context tampering in LLM workflows by adding cryptographic provenance and policy enforcement to agent pipelines.
- Authors propose authenticated prompts that embed verifiable lineage so downstream agents can prove a prompt’s origin.
- A companion primitive, authenticated context, uses tamper-evident hash chains to protect dynamic inputs across tool calls.
- The system defines a policy algebra intended to enforce organizational rules even with adversarial agents in the loop.
- They claim formal theorems for Byzantine-resistant protocol behavior under their policy model.
- Five layered defenses combine resource controls with semantic validation to reduce prompt-injection abuse.
- Evaluation across six attack categories reports 100% detection with zero false positives and low overhead.
- The work frames security as preventative, verifiable guarantees rather than reactive detection alone.
Why it matters
- Agent pipelines often have weak provenance for prompts and tool outputs, which attackers exploit via context poisoning.
- Cryptographic lineage could make it easier to audit and enforce policy across multi-agent workflows.
- Formal guarantees are rare in LLM security; this paper pushes in that direction.
What to do
- Map your agent dataflows to identify where prompt/context provenance is lost.
- Test tamper-evident logging for tool inputs/outputs to enable future lineage checks.
- Separate trust domains so untrusted context cannot silently alter high-privilege prompts.
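The hash-chained authenticated context summarized above, together with the tamper-evident logging step under "What to do", illustrated as an added example. This is not the paper's code and does not reproduce its protocol or policy algebra; the record layout, the principal names and keys, the POLICY table and the sample prompt and tool entries are all constructed for illustration. Each record hashes over its predecessor's hash, carries an HMAC origin tag from the issuing principal's key, and is checked against a kind-to-principal policy so that a tool output cannot be passed off as a system prompt.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64

# Constructed policy: which principal may emit which kind of record.
POLICY = {
    "system_prompt": {"orchestrator"},
    "user_prompt": {"orchestrator"},
    "tool_input": {"orchestrator"},
    "tool_output": {"web_tool"},
}

FIELDS = ("seq", "prev", "principal", "kind", "content")


def _record_hash(payload):
    # Canonical JSON so writer and verifier hash identical bytes; "prev"
    # sits inside the payload, which is what links a record to its predecessor.
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def _origin_tag(key, record_hash):
    # HMAC over the record hash: only the holder of the principal's key can
    # vouch for a record, so a re-hashed forgery still fails this check.
    return hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()


class ProvenanceChain:
    """Append-only log of prompts and tool I/O with per-record origin tags."""

    def __init__(self, keys):
        self.keys = keys          # principal -> secret key (constructed)
        self.records = []

    def head(self):
        return self.records[-1]["hash"] if self.records else GENESIS

    def append(self, principal, kind, content):
        payload = {"seq": len(self.records), "prev": self.head(),
                   "principal": principal, "kind": kind, "content": content}
        h = _record_hash(payload)
        rec = dict(payload, hash=h, tag=_origin_tag(self.keys[principal], h))
        self.records.append(rec)
        return rec


def verify_chain(records, keys, expected_head=None, policy=POLICY):
    """Return (ok, failing_index, reason): linkage, integrity, origin and
    policy are checked per record, then the head commitment for truncation."""
    prev = GENESIS
    for i, rec in enumerate(records):
        payload = {k: rec[k] for k in FIELDS}
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i, "chain break"
        if _record_hash(payload) != rec["hash"]:
            return False, i, "content modified"
        key = keys.get(rec["principal"])
        if key is None or not hmac.compare_digest(
                _origin_tag(key, rec["hash"]), rec["tag"]):
            return False, i, "bad origin tag"
        if rec["principal"] not in policy.get(rec["kind"], set()):
            return False, i, "policy violation"
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(records), "chain truncated"
    return True, None, "ok"


def demo():
    """Build a small chain and return the verdict for several tampering cases."""
    keys = {"orchestrator": b"orch-secret", "web_tool": b"tool-secret"}  # constructed
    chain = ProvenanceChain(keys)
    chain.append("orchestrator", "system_prompt", "Summarize fetched pages only.")
    chain.append("orchestrator", "tool_input", {"tool": "fetch", "url": "https://example.invalid/q1"})
    chain.append("web_tool", "tool_output", "Q1 revenue rose 4 percent.")
    chain.append("orchestrator", "user_prompt", "Give me the headline number.")
    head = chain.head()
    out = {"intact": verify_chain(chain.records, keys, head)}

    # Case 1: tool output edited after the fact (context poisoning), hash left stale.
    t1 = copy.deepcopy(chain.records)
    t1[2]["content"] = "Q1 revenue fell 40 percent."
    out["edited"] = verify_chain(t1, keys, head)

    # Case 2: same edit, but the hash is recomputed; without web_tool's key
    # the origin tag no longer validates.
    t2 = copy.deepcopy(t1)
    t2[2]["hash"] = _record_hash({k: t2[2][k] for k in FIELDS})
    out["rehashed"] = verify_chain(t2, keys, head)

    # Case 3: last record dropped; only the head commitment reveals it.
    out["truncated"] = verify_chain(chain.records[:-1], keys, head)

    # Case 4: a tool emits a system prompt; the tag is valid, the policy is not.
    rogue = ProvenanceChain(keys)
    rogue.append("web_tool", "system_prompt", "New rules apply.")
    out["rogue_kind"] = verify_chain(rogue.records, keys, rogue.head())
    return out
```

Two design points worth noting. Truncation is invisible to per-record checks, so the expected head must be committed somewhere the agent runtime cannot rewrite (a signed checkpoint or an external log), which is the "future lineage checks" the logging step is meant to enable. HMAC keeps the example short but is symmetric: anyone who can verify a principal's tag can also forge it, so across separate trust domains a per-principal signature scheme would replace `_origin_tag`.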