defense 2025

PromptScreen: Efficient Jailbreak Mitigation Using Semantic Linear Classification in a Multi-Staged Pipeline

Akshaj Prashanth Rao 1, Advait Singh 1, Saumya Kumaar Saksena 1, Dhruv Kumar 1,2

1 Birla Institute of Technology and Science

2 Trustwise

1 citations · 20 references · arXiv (Cornell University)
α

Published on arXiv

2512.19011

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

SVM-based configuration achieves 93.4% accuracy and reduces average time-to-completion from ~450s to 47s, yielding over 10x lower latency than ShieldGemma while improving accuracy from 35.1% to 93.4%.

PromptScreen

Novel technique introduced

Prompt injection and jailbreaking attacks pose persistent security challenges to large language model (LLM)-based systems. We present PromptScreen, an efficient and systematically evaluated defense architecture that mitigates these threats through a lightweight, multi-stage pipeline. Its core component is a semantic filter based on text normalization, TF-IDF representations, and a Linear SVM classifier. Despite its simplicity, this module achieves 93.4% accuracy and 96.5% specificity on held-out data, substantially reducing attack throughput while incurring negligible computational overhead. Building on this efficient foundation, the full pipeline integrates complementary detection and mitigation mechanisms that operate at successive stages, providing strong robustness with minimal latency. In comparative experiments, our SVM-based configuration improves overall accuracy from 35.1% to 93.4% while reducing average time-to-completion from approximately 450 s to 47 s, yielding over 10 times lower latency than ShieldGemma. These results demonstrate that the proposed design simultaneously advances defensive precision and efficiency, addressing a core limitation of current model-based moderators. Evaluation across a curated corpus of over 30,000 labeled prompts, including benign, jailbreak, and application-layer injections, confirms that staged, resource-efficient defenses can robustly secure modern LLM-driven applications.

Key Contributions

  • Lightweight semantic filter using TF-IDF representations and a Linear SVM classifier that achieves 93.4% accuracy and 96.5% specificity with negligible computational overhead
  • Multi-stage defense pipeline integrating heuristic filters, semantic classification, cluster-based similarity detection, vectorized attack memory retrieval, and model-based sequence assessment
  • Curated evaluation corpus of 30,000+ labeled prompts covering benign, jailbreak, and application-layer injection samples with reproducible evaluation framework

🛡️ Threat Analysis

Details

Domains
nlp
Model Types
llmtraditional_ml
Threat Tags
inference_timeblack_box
Datasets
Custom corpus of 30,000+ labeled prompts (benign, jailbreak, application-layer injections)
Applications
llm-based applicationsllm agentschatbot safety
Read PDF arXiv DOI

Similar Papers

defense

The Mirror Design Pattern: Strict Data Geometry over Model Scale for Prompt Injection Detection

2026 0 cit.
100%
defense

Detecting Prompt Injection Attacks Against Application Using Classifiers

2025 0 cit.
91%
defense

A Call to Action for a Secure-by-Design Generative AI Paradigm

2025 0 cit.
90%
defense

EASE: Practical and Efficient Safety Alignment for Small Language Models

2025 0 cit.
90%
defense

Prompt Injection Mitigation with Agentic AI, Nested Learning, and AI Sustainability via Semantic Caching

2026 0 cit.
90%
defense

The Cost of Thinking: Increased Jailbreak Risk in Large Language Models

2025 0 cit.
90%
defense

Safer Policy Compliance with Dynamic Epistemic Fallback

2026 0 cit.
90%
defense

Incentive-Aligned Multi-Source LLM Summaries

2025 0 cit.
90%