Prompt Fencing: A Cryptographic Approach to Establishing Security Boundaries in Large Language Model Prompts

TL;DR

Prompt Fencing introduces cryptographic security boundaries within LLM prompts, effectively preventing prompt injection attacks by marking trusted segments, and can be integrated with existing systems for enhanced security.

Contribution

The paper proposes a cryptographic architecture, Prompt Fencing, to establish security boundaries in LLM prompts, significantly reducing injection attack success rates.

Findings

Complete prevention of injection attacks in experiments

Low overhead of 0.224 seconds for fence generation and validation

Platform-agnostic approach that can be incrementally deployed

Abstract

Large Language Models (LLMs) remain vulnerable to prompt injection attacks, representing the most significant security threat in production deployments. We present Prompt Fencing, a novel architectural approach that applies cryptographic authentication and data architecture principles to establish explicit security boundaries within LLM prompts. Our approach decorates prompt segments with cryptographically signed metadata including trust ratings and content types, enabling LLMs to distinguish between trusted instructions and untrusted content. While current LLMs lack native fence awareness, we demonstrate that simulated awareness through prompt instructions achieved complete prevention of injection attacks in our experiments, reducing success rates from 86.7% (260/300 successful attacks) to 0% (0/300 successful attacks) across 300 test cases with two leading LLM providers. We implement a proof-of-concept fence generation and verification pipeline with a total overhead of 0.224 seconds (0.130s for fence generation, 0.094s for validation) across 100 samples. Our approach is platform-agnostic and can be incrementally deployed as a security layer above existing LLM infrastructure, with the expectation that future models will be trained with native fence awareness for optimal security.