General solution to prompt injection attacks

Establish a general, provable solution that prevents prompt injection attacks across large language model–integrated, agentic AI systems, ensuring that malicious instructions embedded in prompts or external data cannot induce unauthorized behavior.

Background

The introduction frames the central security challenge motivating the work: prompt injection attacks, where adversarial instructions in inputs or retrieved documents influence LLM behavior to trigger unauthorized actions. The authors cite public acknowledgment that this challenge remains unresolved in practice, motivating their protocol-level approach.

While the paper proposes authenticated workflows to enforce intent and integrity at operational boundaries, the broader problem of definitively eliminating prompt injection in LLM systems is highlighted as unsolved in the field, serving as context for their systems contribution.

References

OpenAI's CISO acknowledged that "prompt injection remains an unsolved problem".

— Authenticated Workflows: A Systems Approach to Protecting Agentic AI (2602.10465 - Rajagopalan et al., 11 Feb 2026) in Section 1 (Introduction)

General solution to prompt injection attacks

Background

References

Related Problems