Search by:
Application of a Semantic Metric for Detecting Prompt Injection Attacks in Multi-Agent Systems Based on Large Language Models
Full text (PDF)
UDC: 004.8
Publication Language: Ukrainian
Stuc. intelekt. 2026; 31(2):177-182
Abstract: The paper synthesizes contemporary research conducted in recent years to provide a comprehensive analysis of prompt injection detection methodologies and to evaluate their effectiveness against evolving adversarial strategies, including indirect prompt injection, domain-camouflaged malicious payloads, and conjunctive attacks. It outlines a paradigm shift in prompt injection attack detection, characterized by the transition from static, single-agent defense mechanisms to dynamic, multi-agent, and structurally aware architectures. The novelty of recent research lies in the recognition that traditional lexical and semantic filters are insufficient to counter adaptive adversaries that exploit the complex communication topologies of Large Language Model based multi-agent systems.
Keywords: multi-agent systems, attention mechanism tracking, chain-of-thought reasoning, adaptive detector allocation, domain-camouflaged attacks, test-time adaptation, multimodal security, indirect prompt injection.
References:
- Akinrele, A., & Gowda, S. N. (2026). Prompt Injection Detection is Regime-Dependent: A Deployment-Aware Evaluation with Interpretable Structural Signals (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2605.26999
- Arif, N. H., Lou, Q., & Zheng, M. (2026). Conjunctive Prompt Attacks in Multi-Agent LLM Systems (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2604.16543
- Ayub, Md. A., & Majumdar, S. (2024). Embedding-based classifiers can detect prompt injection attacks (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2410.22284
- Chang, H., Jun, Y., & Lee, H. (2025). ChatInject: Abusing Chat Templates for Prompt Injection in LLM Agents (Version 3). arXiv. https://doi.org/10.48550/ARXIV.2509.22830
- Chen, Y., Cao, T., Li, H., Liu, Y., Li, Y., He, Y., Khoi, L. M., Song, Y., Yan, S., & Hooi, B. (2026). WebAgentGuard: A Reasoning-Driven Guard Model for Detecting Prompt Injection Attacks in Web Agents (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2604.12284
- Du, M., Fang, H., Ma, H., Chen, J., Xu, K., Yin, Q., & Chang, E.-C. (2026). SnapGuard: Lightweight Prompt Injection Detection for Screenshot-Based Web Agents (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2604.25562
- Ferrag, M. A., Tihanyi, N., Hamouda, D., Maglaras, L., Lakas, A., & Debbah, M. (2025). From Prompt Injections to Protocol Exploits: Threats in LLM-Powered AI Agents Workflows (Version 2). arXiv. https://doi.org/10.48550/ARXIV.2506.23260
- Gosmar, D., & Dahl, D. A. (2025). Sentinel Agents for Secure and Trustworthy Agentic AI in Multi-Agent Systems (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2509.14956
- Gosmar, D., & Dahl, D. A. (2026). Prompt Injection Mitigation with Agentic AI, Nested Learning, and AI Sustainability via Semantic Caching (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2601.13186
- Gosmar, D., Dahl, D. A., & Gosmar, D. (2025). Prompt Injection Detection and Mitigation via AI Multi-Agent NLP Frameworks (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2503.11517
- Gulyamov, S., Gulyamov, S., Rodionov, A., Khursanov, R., Mekhmonov, K., Babaev, D., & Rakhimjonov, A. (2026). Prompt Injection Attacks in Large Language Models and AI Agent Systems: A Comprehensive Review of Vulnerabilities, Attack Vectors, and Defense Mechanisms. Information, 17(1), 54. https://doi.org/10.3390/info17010054
- Guo, Q., Tang, J., & Huang, X. (2025). Attacking LLMs and AI Agents: Advertisement Embedding Attacks Against Large Language Models (Version 2). arXiv. https://doi.org/10.48550/ARXIV.2508.17674
- Hao, G., & Wu, J. (2025). Privacy-Preserving Prompt Injection Detection for Smart Cloud-Deployed Large Language Models. 2025 IEEE 10th International Conference on Smart Cloud (SmartCloud), 26–31. https://doi.org/10.1109/smartcloud66068.2025.00009
- He, P., Xing, Y., Li, J., Dong, S., Dai, Z., Tang, X., Liu, H., Xu, H., Xiang, Z., Aggarwal, C. C., & Liu, H. (2025). Comprehensive Vulnerability Analysis is Necessary for Trustworthy LLM-MAS (Version 3). arXiv. https://doi.org/10.48550/ARXIV.2506.01245
- Hossain, S. M. A., Shayoni, R. K., Ameen, M. R., Islam, A., Mridha, M. F., & Shin, J. (2025). A Multi-Agent LLM Defense Pipeline Against Prompt Injection Attacks (Version 4). arXiv. https://doi.org/10.48550/ARXIV.2509.14285
- Hung, K.-H., Ko, C.-Y., Rawat, A., Chung, I.-H., Hsu, W. H., & Chen, P.-Y. (2024). Attention Tracker: Detecting Prompt Injection Attacks in LLMs (Version 2). arXiv. https://doi.org/10.48550/ARXIV.2411.00348
- Ju, T., Wang, Y., Hua, Y., Ma, X., Cheng, P., Zhao, H., Wang, Y., Liu, L., Xie, J., Zhang, Z., & Liu, G. (2026). Flooding spread of manipulated knowledge in LLM-based multi-agent communities. Science China Information Sciences, 69(7). https://doi.org/10.1007/s11432-024-4663-2
- Kokkula, S., R, S., R, N., Aashishkumar, & Divya, G. (2024). Palisade -- Prompt Injection Detection Framework (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2410.21146