Jailbreaks and Prompt Injections Threaten Security of LLMs

Mitigation strategy

1. **Implement Comprehensive Input Validation and Contextual Separation:** Establish a multi-layered input sanitization and validation pipeline to process all user prompts. Crucially, enforce a strict boundary between user-provided text (treated as data) and the system prompt (treated as command). This involves filtering known malicious characters, validating input against expected formats, and employing secondary classification models to assess prompt intent, effectively mitigating both direct and indirect injection attempts. 2. **Enforce Principle of Least Privilege and Identity Guardrails:** Restrict the LLM agent's access rights, tool invocation capabilities, and underlying service identity permissions to the absolute minimum required for its core function. This limits the operational blast radius of a successful jailbreak, preventing unauthorized actions such as data exfiltration, privilege escalation, or modification of critical cloud resources via connected APIs. 3. **Integrate Robust Output Monitoring and Behavioral Anomaly Detection:** Institute mandatory output guardrails to inspect and validate all LLM responses against safety policies and expected formats before they are delivered to the user or downstream systems. Complement this with run-time anomaly detection to monitor for suspicious behavioral patterns, sudden shifts in response tone, or repeated adversarial query sequences, enabling the prompt identification and quarantining of a jailbroken state.