defense 2026

Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI

Mohan Rajagopalan 1, Vinay Rao 2

1 MACAW Security, Inc.

2 ROOST.tools

1 citations · 33 references · arXiv (Cornell University)
α

Published on arXiv

2602.10481

Prompt Injection

OWASP LLM Top 10 — LLM01

Excessive Agency

OWASP LLM Top 10 — LLM08

Key Finding

Achieves 100% detection of prompt injection attacks across 6 exhaustive attack categories with zero false positives and nominal computational overhead

Authenticated Prompts / Authenticated Context

Novel technique introduced

Large Language Model (LLM) applications are vulnerable to prompt injection and context manipulation attacks that traditional security models cannot prevent. We introduce two novel primitives--authenticated prompts and authenticated context--that provide cryptographically verifiable provenance across LLM workflows. Authenticated prompts enable self-contained lineage verification, while authenticated context uses tamper-evident hash chains to ensure integrity of dynamic inputs. Building on these primitives, we formalize a policy algebra with four proven theorems providing protocol-level Byzantine resistance--even adversarial agents cannot violate organizational policies. Five complementary defenses--from lightweight resource controls to LLM-based semantic validation--deliver layered, preventative security with formal guarantees. Evaluation against representative attacks spanning 6 exhaustive categories achieves 100% detection with zero false positives and nominal overhead. We demonstrate the first approach combining cryptographically enforced prompt lineage, tamper-evident context, and provable policy reasoning--shifting LLM security from reactive detection to preventative guarantees.

Key Contributions

  • Authenticated prompts: cryptographically signed prompt lineage with embedded parent/root provenance enabling unforgeable instruction ancestry verification
  • Authenticated context: tamper-evident hash chains over agent memory ensuring integrity of dynamic multi-turn context
  • Formal policy algebra with four proven theorems guaranteeing Byzantine resistance, privilege non-escalation, and tool-chaining bypass prevention at the protocol level

🛡️ Threat Analysis

Details

Domains
nlp
Model Types
llm
Threat Tags
inference_timeblack_boxtargeted
Applications
llm agentic systemsenterprise ai workflowsmulti-agent orchestration
Read PDF arXiv DOI

Similar Papers

defense

A-MemGuard: A Proactive Defense Framework for LLM-Based Agent Memory

2025 11 cit.
100%
defense

Cybersecurity AI: Hacking the AI Hackers via Prompt Injection

2025 0 cit.
100%
defense

AgentSys: Secure and Dynamic LLM Agents Through Explicit Hierarchical Memory Management

2026 0 cit.
100%
defense

Breaking and Fixing Defenses Against Control-Flow Hijacking in Multi-Agent Systems

2025 3 cit.
100%
defense

Cognitive Control Architecture (CCA): A Lifecycle Supervision Framework for Robustly Aligned AI Agents

2025 0 cit.
92%
defense

Don't Let the Claw Grip Your Hand: A Security Analysis and Defense Framework for OpenClaw

2026 0 cit.
92%
defense

AI Kill Switch for malicious web-based LLM agent

2025 0 cit.
92%
defense

SentinelNet: Safeguarding Multi-Agent Collaboration Through Credit-Based Dynamic Threat Detection

2025 2 cit.
92%