CCFC: Core & Core-Full-Core Dual-Track Defense for LLM Jailbreak Protection

TL;DR

CCFC is a dual-track prompt-level defense framework that significantly reduces jailbreak attack success rates on LLMs by isolating query semantics and evaluating responses through complementary safety checks.

Contribution

This paper introduces CCFC, a novel dual-track prompt-level defense mechanism that enhances LLM safety against prompt injection and structure-aware jailbreak attacks.

Findings

Reduces attack success rates by 50-75% against strong adversaries

Outperforms existing prompt-level defenses in safety and robustness

Maintains response quality on benign queries

Abstract

Jailbreak attacks pose a serious challenge to the safe deployment of large language models (LLMs). We introduce CCFC (Core & Core-Full-Core), a dual-track, prompt-level defense framework designed to mitigate LLMs' vulnerabilities from prompt injection and structure-aware jailbreak attacks. CCFC operates by first isolating the semantic core of a user query via few-shot prompting, and then evaluating the query using two complementary tracks: a core-only track to ignore adversarial distractions (e.g., toxic suffixes or prefix injections), and a core-full-core (CFC) track to disrupt the structural patterns exploited by gradient-based or edit-based attacks. The final response is selected based on a safety consistency check across both tracks, ensuring robustness without compromising on response quality. We demonstrate that CCFC cuts attack success rates by 50-75% versus state-of-the-art defenses against strong adversaries (e.g., DeepInception, GCG), without sacrificing fidelity on benign queries. Our method consistently outperforms state-of-the-art prompt-level defenses, offering a practical and effective solution for safer LLM deployment.