PragLocker: Protecting Agent Intellectual Property in Untrusted Deployments via Non-Portable Prompts
Qinfeng Li, Yuntai Bao, Jianghui Hu, Wenqi Zhang, Jintao Chen, Huifeng Zhu, Yier Jin, and Xuhong Zhang

TL;DR
PragLocker is a novel prompt protection scheme that prevents prompt copying across different LLMs while preserving performance on the target model, addressing key security challenges in untrusted deployments.
Contribution
It introduces a method to create non-portable, function-preserving obfuscated prompts that are robust against adversaries attempting to reuse prompts on other models.
Findings
Substantially reduces cross-LLM prompt portability
Maintains high performance on target LLMs
Remains robust against adaptive attackers
Abstract
LLM agents rely on prompts to implement task-specific capabilities on top of foundation LLMs, making agent prompts valuable intellectual property. However, in untrusted deployments, adversaries can copy these prompts and reuse them with other proprietary LLMs, causing economic losses. To protect these prompts, we identify four key challenges that existing approaches fail to address: proactivity, runtime protection, usability, and non-portability. We present PragLocker, a prompt protection scheme that satisfies these requirements. PragLocker constructs function-preserving obfuscated prompts by anchoring semantics with code symbols and then using target-model feedback to inject noise, yielding prompts that only work on the target LLM. Experiments across multiple agent systems, datasets, and foundation LLMs show that PragLocker substantially reduces cross-LLM portability, maintains target…
