[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-31624":3,"doc-seo-31624":27},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":4,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":20,"language":21,"language_code":22,"table_of_contents":23,"faqs":24,"seo_title":13,"seo_description":14,"update_tm":25,"read_time":26},31624,16904993612988,"Olivia Brown","https://ap-avatar.wpscdn.com/davatar_a8503ba1806abce46bf441b54a3ca4cd",8,"Research & Report","To Protect the LLM Agent Against the Prompt Injection Attack with Polymorphic Prompt","LLM agents used for support, content generation, and code assistance are vulnerable to prompt injection, where adversarial inputs override intended instructions and can trigger data leakage or moderation bypass. Existing defenses such as input sanitization, guard models, and guardrails are often cumbersome or unreliable against evolving attacks. This paper introduces Polymorphic Prompt Assembling (PPA), a lightweight defense that randomizes system-prompt structure to prevent attackers from predicting and breaking prompt structure, evaluated through experiments against known attacks and comparisons with other methods.","cbCaikQkvWvCVvP6","https://ap.wps.com/l/cbCaikQkvWvCVvP6","pdf",668238,1,7,"English","en","# Introduction\n## Background: LLM agent prompting and injection risk\n## Existing defenses and limitations\n## Proposed method: Polymorphic Prompt Assembling (PPA)\n# Research questions and evaluation setup","[{\"question\":\"What problem does Polymorphic Prompt Assembling (PPA) address for LLM agents?\",\"answer\":\"PPA addresses prompt injection attacks where crafted adversarial inputs manipulate the model to ignore intended instructions. It aims to disrupt attackers’ ability to predict and break the prompt structure.\"},{\"question\":\"Why do traditional defenses like input filtering and system prompt enforcement struggle?\",\"answer\":\"The document explains that these defenses can fail against evolving adaptive strategies, especially when attackers can infer or learn the prompt structure. That predictability makes successful exploitation easier.\"},{\"question\":\"How does PPA improve security while keeping overhead low?\",\"answer\":\"PPA randomly varies the structure and combination/placement of system and user inputs before the LLM processes them. This prevents attackers from reliably predicting the final prompt structure, providing stronger security with near-zero runtime overhead.\"}]",1779829255,18,{"code":4,"msg":28,"data":29},"ok",{"site_id":30,"language":22,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":84,"head_meta":86,"extra_data":88,"updated_unix":25},105,"to-protect-the-llm-agent-against-the-prompt-injection-attack-with-polymorphic-prompt","",{"@graph":34,"@context":83},[35,52,66],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/to-protect-the-llm-agent-against-the-prompt-injection-attack-with-polymorphic-prompt/31624/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-05-26",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69,75,79],{"name":70,"@type":71,"acceptedAnswer":72},"What problem does Polymorphic Prompt Assembling (PPA) address for LLM agents?","Question",{"text":73,"@type":74},"PPA addresses prompt injection attacks where crafted adversarial inputs manipulate the model to ignore intended instructions. It aims to disrupt attackers’ ability to predict and break the prompt structure.","Answer",{"name":76,"@type":71,"acceptedAnswer":77},"Why do traditional defenses like input filtering and system prompt enforcement struggle?",{"text":78,"@type":74},"The document explains that these defenses can fail against evolving adaptive strategies, especially when attackers can infer or learn the prompt structure. That predictability makes successful exploitation easier.",{"name":80,"@type":71,"acceptedAnswer":81},"How does PPA improve security while keeping overhead low?",{"text":82,"@type":74},"PPA randomly varies the structure and combination/placement of system and user inputs before the LLM processes them. This prevents attackers from reliably predicting the final prompt structure, providing stronger security with near-zero runtime overhead.","https://schema.org",{"og:url":50,"og:type":85,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":87,"canonical":50},"index,follow",{"doc_id":7,"site_id":30}]