Cross-Service Threat Intelligence in LLM Services using Privacy-Preserving Fingerprints
This addresses a critical security blind spot for organizations using multiple LLM services, enabling cross-service threat detection while complying with privacy laws.
The paper tackles the problem of sharing threat intelligence about prompt injection attacks across LLM services without violating privacy regulations, by introducing BinaryShield, which achieves an F1-score of 0.94, outperforming baselines and reducing storage and search time.
The widespread deployment of LLMs across enterprise services has created a critical security blind spot. Organizations operate multiple LLM services handling billions of queries daily, yet regulatory compliance boundaries prevent these services from sharing threat intelligence about prompt injection attacks, the top security risk for LLMs. When an attack is detected in one service, the same threat may persist undetected in others for months, as privacy regulations prohibit sharing user prompts across compliance boundaries. We present BinaryShield, the first privacy-preserving threat intelligence system that enables secure sharing of attack fingerprints across compliance boundaries. BinaryShield transforms suspicious prompts through a unique pipeline combining PII redaction, semantic embedding, binary quantization, and randomized response mechanism to potentially generate non-invertible fingerprints that preserve attack patterns while providing privacy. Our evaluations demonstrate that BinaryShield achieves an F1-score of 0.94, significantly outperforming SimHash (0.77), the privacy-preserving baseline, while achieving 64x storage reduction and 38x faster similarity search compared to dense embeddings.