Paper Detail

Architecting Secure AI Agents: Perspectives on System-Level Defenses Against Indirect Prompt Injection Attacks

Chong Xiang, Drew Zagieboylo, Shaona Ghosh, Sanjay Kariyappa, Kai Greshake, Hanshen Xiao, Chaowei Xiao, G. Edward Suh

Browse

Workflow Queues

arxiv Score 14.8

Published 2026-03-31 · First seen 2026-04-01

General AI

Open paper source

Abstract

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our vision for system-level defenses against indirect prompt injection attacks. We articulate three positions: (1) dynamic replanning and security policy updates are often necessary for dynamic tasks and realistic environments; (2) certain context-dependent security decisions would still require LLMs (or other learned models), but should only be made within system designs that strictly constrain what the model can observe and decide; (3) in inherently ambiguous cases, personalization and human interaction should be treated as core design considerations. In addition to our main positions, we discuss limitations of existing benchmarks that can create a false sense of utility and security. We also highlight the value of system-level defenses, which serve as the skeleton of agentic systems by structuring and controlling agent behaviors, integrating rule-based and model-based security checks, and enabling more targeted research on model robustness and human interaction.

Workflow Status

Review status
pending
Role
unreviewed
Read priority
now
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

The Cognitive Firewall:Securing Browser Based AI Agents Against Indirect Prompt Injection Via Hybrid Edge Cloud Defense 2026-03-24 · Score 10.8 Research Track B · General AI ClawGuard: A Runtime Security Framework for Tool-Augmented LLM Agents Against Indirect Prompt Injection 2026-04-13 · Score 9.3 General AI WebAgentGuard: A Reasoning-Driven Guard Model for Detecting Prompt Injection Attacks in Web Agents 2026-04-14 · Score 18.3 Research Track B · General AI AutoResearchBench: Benchmarking AI Agents on Complex Scientific Literature Discovery 2026-04-28 · Score 15.0 General AI A dataset of early blockchain-registered AI agents on Ethereum 2026-04-24 · Score 4.3 General AI

BibTeX

@article{xiang2026architecting,
  title = {Architecting Secure AI Agents: Perspectives on System-Level Defenses Against Indirect Prompt Injection Attacks},
  author = {Chong Xiang and Drew Zagieboylo and Shaona Ghosh and Sanjay Kariyappa and Kai Greshake and Hanshen Xiao and Chaowei Xiao and G. Edward Suh},
  year = {2026},
  abstract = {AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our vision for system-level defenses against indirect prompt injection attacks. We articulate three positions: (1) dynamic replanning and security policy updates are often necessary for dynamic tasks and realistic environments; (2) certain context-dependent secur},
  url = {https://arxiv.org/abs/2603.30016},
  keywords = {cs.CR, cs.AI},
  eprint = {2603.30016},
  archiveprefix = {arXiv},
}

Metadata

{}