PromptGuard a structured framework for injection resilient language models
摘要
Prompt injection attacks threaten the reliability of large language models (LLMs) by embedding adversarial instructions that override intended behavior and compromise task fidelity. Existing defenses are typically narrow in scope or depend on retraining, limiting their adaptability across deployment contexts. This paper presents a modular, four-layer defense framework that integrates input gatekeeping, structured prompt formatting, semantic output validation, and adaptive response refinement (ARR). The pipeline combines regex and MiniBERT-based detection to identify and block malicious instructions, while structured formatting and critic-based validation ensure consistent task alignment. Evaluations on PromptBench, InjectBench, and TruthfulQA demonstrate that the framework enhances robustness across multiple LLMs, achieving up to a 67% reduction in injection success rate and an F1-score of 0.91 in detection, with a latency increase below 8%. These results confirm the framework’s effectiveness as a lightweight, retraining-free approach for strengthening LLM safety and reliability in real-world applications.