This repository provides the code for the research paper "Defeating Prompt Injections by Design." It offers a defense mechanism against prompt injection attacks in large language models, targeting researchers and developers working with LLMs who need to secure their applications against adversarial inputs. The primary benefit is enabling the reproduction of experimental results and providing a foundation for understanding and implementing robust prompt injection defenses.

How It Works

The project implements a defense strategy designed to mitigate prompt injection vulnerabilities. While specific algorithmic details are not elaborated in the README, the code likely orchestrates model interactions and input processing to identify and neutralize malicious prompts before they can compromise the LLM's intended behavior. The approach aims to defeat prompt injections "by design," suggesting a proactive rather than reactive security posture.

Quick Start & Requirements

• Installation: Install uv from official instructions. Rename .env.example to .env and add API keys. Dependencies are installed via uv run ....
• Prerequisites: uv package manager, API keys for language models, Python environment.
• Running the defense: uv run --env-file .env main.py MODEL_NAME [--use-original] [--ad_defense] [--reasoning-effort] [--thinking_budget_tokens] [--run-attack] [--replay-with-policies] [--eval_mode]. Detailed arguments are available via uv run main.py --help.
• Adding Models: New models can be added to models.py by updating _supported_model_names and _oai_thinking_models variables.
• Links: No direct links to demos or official docs are provided, but CLI help is available.

Highlighted Details

• Provides code to reproduce experimental results from the paper "Defeating Prompt Injections by Design."
• Focuses on a "by design" approach to counter prompt injection vulnerabilities.

Maintenance & Community

• This is a research artifact, not a supported product.
• No maintenance or support is planned.
• Bug fixes are not anticipated.
• For questions, users are directed to open an issue in the repository.

Licensing & Compatibility

• No explicit license is mentioned in the README.
• The project is explicitly stated as "not a Google product" and "not an officially supported Google product."
• It is not eligible for the Google Open Source Software Vulnerability Rewards Program. Compatibility for commercial use or closed-source linking is undetermined due to the lack of a license.

Limitations & Caveats

• The interpreter implementation may contain bugs and is not guaranteed to be fully secure.
• This codebase is intended solely for research artifact reproduction and is not production-ready.
• No support or maintenance will be provided.