[2506.12104] DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents

Computer Science > Cryptography and Security arXiv:2506.12104 (cs) [Submitted on 13 Jun 2025 (v1), last revised 26 Mar 2026 (this version, v3)] Title:DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents Authors:Hao Li, Xiaogeng Liu, Hung-Chun Chiu, Dianqi Li, Ning Zhang, Chaowei Xiao View a PDF of the paper titled DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents, by Hao Li and 5 other authors View PDF HTML (experimental) Abstract:Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities. By interacting with external environments through predefined tools, these agents can carry out complex user tasks. Nonetheless, this interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior, potentially resulting in economic loss, privacy leakage, or system compromise. System-level defenses have recently shown promise by enforcing static or predefined policies, but they still face two key challenges: the ability to dynamically update security rules and the need for memory stream isolation. To address these challenges, we propose Dynamic Rule-based Isolation Framework for Trustworthy agentic systems (DRIFT), which enforces the dynamic security policy and injection isolation for securing LLM agents against prompt injection attacks. A Secure Planner first constructs a minima...