CAPTURE: Context-Aware Prompt Injection Testing and Robustness Enhancement
This work addresses security vulnerabilities in LLMs for developers and users, offering a more robust defense against prompt injection attacks.
The paper tackled the problem of prompt injection security risks in large language models by introducing CAPTURE, a context-aware benchmark, and CaptureGuard, a new model that drastically reduces false negative and false positive rates on context-aware datasets while generalizing to external benchmarks.
Prompt injection remains a major security risk for large language models. However, the efficacy of existing guardrail models in context-aware settings remains underexplored, as they often rely on static attack benchmarks. Additionally, they have over-defense tendencies. We introduce CAPTURE, a novel context-aware benchmark assessing both attack detection and over-defense tendencies with minimal in-domain examples. Our experiments reveal that current prompt injection guardrail models suffer from high false negatives in adversarial cases and excessive false positives in benign scenarios, highlighting critical limitations. To demonstrate our framework's utility, we train CaptureGuard on our generated data. This new model drastically reduces both false negative and false positive rates on our context-aware datasets while also generalizing effectively to external benchmarks, establishing a path toward more robust and practical prompt injection defenses.