# PromptSleuth: Detecting Prompt Injection via Semantic Intent Invariance

**Authors:** Mengxiao Wang, Yuxuan Zhang, Guofei Gu

arXiv: 2508.20890 · 2025-09-17

## TL;DR

PromptSleuth introduces a semantic intent-based approach to detect prompt injection attacks on LLMs, outperforming existing defenses by focusing on task-level intent invariance across diverse and evolving attack strategies.

## Contribution

The paper presents a new benchmark for prompt injection detection and proposes PromptSleuth, a semantic reasoning framework that enhances robustness against diverse attack techniques.

## Key findings

- PromptSleuth outperforms existing defenses on new comprehensive benchmarks.
- Existing defenses are less effective against multi-task and obfuscated prompt injections.
- Semantic intent invariance is a robust indicator for detecting prompt injections.

## Abstract

Large Language Models (LLMs) are increasingly integrated into real-world applications, from virtual assistants to autonomous agents. However, their flexibility also introduces new attack vectors-particularly Prompt Injection (PI), where adversaries manipulate model behavior through crafted inputs. As attackers continuously evolve with paraphrased, obfuscated, and even multi-task injection strategies, existing benchmarks are no longer sufficient to capture the full spectrum of emerging threats.   To address this gap, we construct a new benchmark that systematically extends prior efforts. Our benchmark subsumes the two widely-used existing ones while introducing new manipulation techniques and multi-task scenarios, thereby providing a more comprehensive evaluation setting. We find that existing defenses, though effective on their original benchmarks, show clear weaknesses under our benchmark, underscoring the need for more robust solutions. Our key insight is that while attack forms may vary, the adversary's intent-injecting an unauthorized task-remains invariant. Building on this observation, we propose PromptSleuth, a semantic-oriented defense framework that detects prompt injection by reasoning over task-level intent rather than surface features. Evaluated across state-of-the-art benchmarks, PromptSleuth consistently outperforms existing defense while maintaining comparable runtime and cost efficiency. These results demonstrate that intent-based semantic reasoning offers a robust, efficient, and generalizable strategy for defending LLMs against evolving prompt injection threats.

---
Source: https://tomesphere.com/paper/2508.20890