🛡️ CaMeL: Defeating Prompt Injections with Capability-Based Security
Failed to add items
Add to basket failed.
Add to wishlist failed.
Remove from wishlist failed.
Adding to library failed
Follow podcast failed
Unfollow podcast failed
🛡️ CaMeL: Defeating Prompt Injections with Capability-Based Security
-
Narrated by:
-
By:
About this listen
The provided document introduces CaMeL, a novel security defence designed to protect Large Language Model (LLM) agents from prompt injection attacks that can occur when they process untrusted data. CaMeL operates by creating a protective layer around the LLM, explicitly separating and tracking the control and data flows originating from trusted user queries, thus preventing malicious untrusted data from manipulating the program's execution. This system employs a custom Python interpreter to enforce security policies and prevent unauthorised data exfiltration, using a concept of "capabilities" to manage data flow. Evaluated on the AgentDojo benchmark, CaMeL demonstrated a significant reduction in successful attacks compared to models without it and other existing defence mechanisms, often with minimal impact on the agent's ability to complete tasks.