Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI
Mohan Rajagopalan, Vinay Rao

TL;DR
This paper introduces cryptographic primitives and formal policies to enhance security in LLM workflows, preventing prompt injection and context manipulation through verifiable provenance and layered defenses.
Contribution
It presents novel primitives for authenticated prompts and context, along with a formal policy algebra ensuring Byzantine resistance in LLM security.
Findings
100% detection of representative attacks
Zero false positives in security evaluation
Nominal overhead for security mechanisms
Abstract
Large Language Model (LLM) applications are vulnerable to prompt injection and context manipulation attacks that traditional security models cannot prevent. We introduce two novel primitives--authenticated prompts and authenticated context--that provide cryptographically verifiable provenance across LLM workflows. Authenticated prompts enable self-contained lineage verification, while authenticated context uses tamper-evident hash chains to ensure integrity of dynamic inputs. Building on these primitives, we formalize a policy algebra with four proven theorems providing protocol-level Byzantine resistance--even adversarial agents cannot violate organizational policies. Five complementary defenses--from lightweight resource controls to LLM-based semantic validation--deliver layered, preventative security with formal guarantees. Evaluation against representative attacks spanning 6…
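The abstract describes authenticated context as a tamper-evident hash chain over dynamic inputs. The following is an added illustration, not the paper's construction or code: it assumes SHA-256 over a canonical JSON encoding of each entry, a fixed genesis value, and a head hash anchored out of band (for example signed or stored by a trusted component). It shows both failure modes a practitioner cares about: an in-place edit breaks the internal chain, while an adversary who rewrites an entry and recomputes every later hash produces an internally consistent chain that is caught only by the anchored head.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Tuple

# Assumed genesis value for the first entry's predecessor (hypothetical choice).
GENESIS = "0" * 64


@dataclass(frozen=True)
class ContextEntry:
    index: int        # position in the chain
    source: str       # who produced the entry (system, retriever, user, tool ...)
    content: str      # the text handed to the model
    prev_hash: str    # hash of the preceding entry (or GENESIS)
    entry_hash: str   # SHA-256 over (index, source, content, prev_hash)


def _digest(index: int, source: str, content: str, prev_hash: str) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the same entry always hashes identically.
    payload = json.dumps(
        {"index": index, "source": source, "content": content, "prev": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_entry(chain: List[ContextEntry], source: str, content: str) -> ContextEntry:
    """Append a new entry linked to the current head and return it."""
    prev = chain[-1].entry_hash if chain else GENESIS
    index = len(chain)
    entry = ContextEntry(index, source, content, prev, _digest(index, source, content, prev))
    chain.append(entry)
    return entry


def verify_chain(chain: List[ContextEntry]) -> Tuple[bool, int]:
    """Check internal consistency; return (ok, index of first bad entry or -1)."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e.index != i or e.prev_hash != prev:
            return False, i
        if _digest(e.index, e.source, e.content, e.prev_hash) != e.entry_hash:
            return False, i
        prev = e.entry_hash
    return True, -1


def verify_against_anchor(chain: List[ContextEntry], anchor_head: str) -> bool:
    """Internal consistency plus agreement with an out-of-band anchored head hash."""
    ok, _ = verify_chain(chain)
    return ok and bool(chain) and chain[-1].entry_hash == anchor_head


def build_sample_chain() -> List[ContextEntry]:
    # Constructed sample context; the strings are illustrative only.
    chain: List[ContextEntry] = []
    append_entry(chain, "system", "You are a support assistant. Follow the refund policy.")
    append_entry(chain, "retriever:kb", "Refund policy: returns accepted within 30 days with receipt.")
    append_entry(chain, "user", "Can I return a laptop bought 20 days ago?")
    return chain


def tamper_in_place(chain: List[ContextEntry], index: int, new_content: str) -> List[ContextEntry]:
    """Edit an entry's content without recomputing hashes (naive tampering)."""
    e = chain[index]
    out = list(chain)
    out[index] = ContextEntry(e.index, e.source, new_content, e.prev_hash, e.entry_hash)
    return out


def rewrite_from(chain: List[ContextEntry], index: int, new_content: str) -> List[ContextEntry]:
    """Replace an entry and recompute every later hash (internally consistent forgery)."""
    out = list(chain[:index])
    append_entry(out, chain[index].source, new_content)
    for e in chain[index + 1:]:
        append_entry(out, e.source, e.content)
    return out


if __name__ == "__main__":
    chain = build_sample_chain()
    anchor = chain[-1].entry_hash  # stored/signed out of band by a trusted component
    print("genuine:", verify_chain(chain), verify_against_anchor(chain, anchor))
    edited = tamper_in_place(chain, 1, "Refund policy: returns accepted any time.")
    print("in-place edit:", verify_chain(edited))
    forged = rewrite_from(chain, 1, "Refund policy: returns accepted any time.")
    print("rewritten chain:", verify_chain(forged), verify_against_anchor(forged, anchor))
```

The design point is that a hash chain on its own only proves that entries were not altered after being linked; to rule out wholesale rewriting, the head hash must be bound to something the adversary cannot reproduce, which is the role an authenticated (signed or externally recorded) head plays.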
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Scientific Computing and Data Management · Explainable Artificial Intelligence (XAI)
