Prompt Fencing: A Cryptographic Approach to Establishing Security Boundaries in Large Language Model Prompts
This addresses a critical security threat for LLM deployments in production, though it is an incremental improvement as it adds a security layer rather than fundamentally changing models.
The paper tackles the problem of prompt injection attacks in Large Language Models by introducing Prompt Fencing, a cryptographic method that uses signed metadata to establish security boundaries, resulting in a reduction of attack success rates from 86.7% to 0% in experiments.
Large Language Models (LLMs) remain vulnerable to prompt injection attacks, representing the most significant security threat in production deployments. We present Prompt Fencing, a novel architectural approach that applies cryptographic authentication and data architecture principles to establish explicit security boundaries within LLM prompts. Our approach decorates prompt segments with cryptographically signed metadata including trust ratings and content types, enabling LLMs to distinguish between trusted instructions and untrusted content. While current LLMs lack native fence awareness, we demonstrate that simulated awareness through prompt instructions achieved complete prevention of injection attacks in our experiments, reducing success rates from 86.7% (260/300 successful attacks) to 0% (0/300 successful attacks) across 300 test cases with two leading LLM providers. We implement a proof-of-concept fence generation and verification pipeline with a total overhead of 0.224 seconds (0.130s for fence generation, 0.094s for validation) across 100 samples. Our approach is platform-agnostic and can be incrementally deployed as a security layer above existing LLM infrastructure, with the expectation that future models will be trained with native fence awareness for optimal security.