Design Patterns for Securing LLM Agents against Prompt Injections

TL;DR

This paper introduces design patterns to enhance the security of Large Language Model (LLM) agents against prompt injection attacks, balancing utility and security through systematic analysis and real-world case studies.

Contribution

It proposes a set of principled design patterns that provide provable resistance to prompt injections in LLM agents, addressing a critical security challenge.

Findings

Patterns offer provable resistance to prompt injections

Trade-offs between utility and security are analyzed

Case studies demonstrate real-world applicability

Abstract

As AI agents powered by Large Language Models (LLMs) become increasingly versatile and capable of addressing a broad spectrum of tasks, ensuring their security has become a critical challenge. Among the most pressing threats are prompt injection attacks, which exploit the agent's resilience on natural language inputs -- an especially dangerous threat when agents are granted tool access or handle sensitive information. In this work, we propose a set of principled design patterns for building AI agents with provable resistance to prompt injection. We systematically analyze these patterns, discuss their trade-offs in terms of utility and security, and illustrate their real-world applicability through a series of case studies.