defense 2026

CivicShield: A Cross-Domain Defense-in-Depth Framework for Securing Government-Facing AI Chatbots Against Multi-Turn Adversarial Attacks

KrishnaSaiReddy Patil

0 citations
α

Published on arXiv

2603.29062

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

Achieves 72.9% combined detection rate [69.5-76.0% CI] with 2.9% effective false positive rate and 100% detection of multi-turn crescendo/slow-drift attacks across 1,436 scenarios

CivicShield

Novel technique introduced

LLM-based chatbots in government services face critical security gaps. Multi-turn adversarial attacks achieve over 90% success against current defenses, and single-layer guardrails are bypassed with similar rates. We present CivicShield, a cross-domain defense-in-depth framework for government-facing AI chatbots. Drawing on network security, formal verification, biological immune systems, aviation safety, and zero-trust cryptography, CivicShield introduces seven defense layers: (1) zero-trust foundation with capability-based access control, (2) perimeter input validation, (3) semantic firewall with intent classification, (4) conversation state machine with safety invariants, (5) behavioral anomaly detection, (6) multi-model consensus verification, and (7) graduated human-in-the-loop escalation. We present a formal threat model covering 8 multi-turn attack families, map the framework to NIST SP 800-53 controls across 14 families, and evaluate using ablation analysis. Theoretical analysis shows layered defenses reduce attack probability by 1-2 orders of magnitude versus single-layer approaches. Simulation against 1,436 scenarios including HarmBench (416), JailbreakBench (200), and XSTest (450) achieves 72.9% combined detection [69.5-76.0% CI] with 2.9% effective false positive rate after graduated response, while maintaining 100% detection of multi-turn crescendo and slow-drift attacks. The honest drop on real benchmarks versus author-generated scenarios (71.2% vs 76.7% on HarmBench, 47.0% vs 70.0% on JailbreakBench) validates independent evaluation importance. CivicShield addresses an open gap at the intersection of AI safety, government compliance, and practical deployment.

Key Contributions

  • Seven-layer defense-in-depth architecture combining zero-trust access control, semantic firewall, conversation state machine, behavioral anomaly detection, multi-model consensus, and human-in-the-loop escalation
  • Formal threat model covering 8 multi-turn attack families with NIST SP 800-53 compliance mapping across 14 control families
  • Cross-Domain Defense Composition theorem bounding failure correlation and Adversarial Trust Decay model with convergence proofs for multi-turn attack characterization

🛡️ Threat Analysis

Details

Domains
nlp
Model Types
llmtransformer
Threat Tags
inference_timeblack_box
Datasets
HarmBenchJailbreakBenchXSTest
Applications
government chatbotscitizen servicesbenefits eligibilitytax guidance
Read PDF arXiv

Similar Papers

defense

Zero-Shot Embedding Drift Detection: A Lightweight Defense Against Prompt Injections in LLMs

2026 0 cit.
100%
defense

SAID: Empowering Large Language Models with Self-Activating Internal Defense

2025 0 cit.
100%
defense

FocusAgent: Simple Yet Effective Ways of Trimming the Large Context of Web Agents

2025 2 cit.
100%
defense

Safeguarding Large Language Models in Real-time with Tunable Safety-Performance Trade-offs

2025 0 cit.
100%
defense

Machine Learning for Detection and Analysis of Novel LLM Jailbreaks

2025 1 cit.
100%
defense

Bidirectional Intention Inference Enhances LLMs' Defense Against Multi-Turn Jailbreak Attacks

2025 1 cit.
100%
defense

ExpGuard: LLM Content Moderation in Specialized Domains

2026 0 cit.
100%
defense

ReasAlign: Reasoning Enhanced Safety Alignment against Prompt Injection Attack

2026 1 cit.
100%