Salvato in:
Dettagli Bibliografici
Autori principali: Correia, Pedro H. Barcha, Achjian, Ryan W., de Oliveira, Diego E. G. Caetano, Maria, Ygor Acacio, Hayashi, Victor Takashi, Lopes, Marcos, Miers, Charles Christian, Simplicio Jr, Marcos A.
Natura: Preprint
Pubblicazione: 2026
Soggetti:
Accesso online:https://arxiv.org/abs/2601.22240
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866918314259775488
author Correia, Pedro H. Barcha
Achjian, Ryan W.
de Oliveira, Diego E. G. Caetano
Maria, Ygor Acacio
Hayashi, Victor Takashi
Lopes, Marcos
Miers, Charles Christian
Simplicio Jr, Marcos A.
author_facet Correia, Pedro H. Barcha
Achjian, Ryan W.
de Oliveira, Diego E. G. Caetano
Maria, Ygor Acacio
Hayashi, Victor Takashi
Lopes, Marcos
Miers, Charles Christian
Simplicio Jr, Marcos A.
contents The rapid advancement and widespread adoption of generative artificial intelligence (GenAI) and large language models (LLMs) has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs can exploit LLMs, causing data leaks, unauthorized actions, or compromised outputs, for instance. As both offensive and defensive prompt injection techniques evolve quickly, a structured understanding of mitigation strategies becomes increasingly important. To address that, this work presents the first systematic literature review on prompt injection mitigation strategies, comprehending 88 studies. Building upon NIST's report on adversarial machine learning, this work contributes to the field through several avenues. First, it identifies studies beyond those documented in NIST's report and other academic reviews and surveys. Second, we propose an extension to NIST taxonomy by introducing additional categories of defenses. Third, by adopting NIST's established terminology and taxonomy as a foundation, we promote consistency and enable future researchers to build upon the standardized taxonomy proposed in this work. Finally, we provide a comprehensive catalog of the reviewed prompt injection defenses, documenting their reported quantitative effectiveness across specific LLMs and attack datasets, while also indicating which solutions are open-source and model-agnostic. This catalog, together with the guidelines presented herein, aims to serve as a practical resource for researchers advancing the field of adversarial machine learning and for developers seeking to implement effective defenses in production systems.
format Preprint
id arxiv_https___arxiv_org_abs_2601_22240
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle A Systematic Literature Review on LLM Defenses Against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy
Correia, Pedro H. Barcha
Achjian, Ryan W.
de Oliveira, Diego E. G. Caetano
Maria, Ygor Acacio
Hayashi, Victor Takashi
Lopes, Marcos
Miers, Charles Christian
Simplicio Jr, Marcos A.
Cryptography and Security
Artificial Intelligence
Computation and Language
Machine Learning
The rapid advancement and widespread adoption of generative artificial intelligence (GenAI) and large language models (LLMs) has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs can exploit LLMs, causing data leaks, unauthorized actions, or compromised outputs, for instance. As both offensive and defensive prompt injection techniques evolve quickly, a structured understanding of mitigation strategies becomes increasingly important. To address that, this work presents the first systematic literature review on prompt injection mitigation strategies, comprehending 88 studies. Building upon NIST's report on adversarial machine learning, this work contributes to the field through several avenues. First, it identifies studies beyond those documented in NIST's report and other academic reviews and surveys. Second, we propose an extension to NIST taxonomy by introducing additional categories of defenses. Third, by adopting NIST's established terminology and taxonomy as a foundation, we promote consistency and enable future researchers to build upon the standardized taxonomy proposed in this work. Finally, we provide a comprehensive catalog of the reviewed prompt injection defenses, documenting their reported quantitative effectiveness across specific LLMs and attack datasets, while also indicating which solutions are open-source and model-agnostic. This catalog, together with the guidelines presented herein, aims to serve as a practical resource for researchers advancing the field of adversarial machine learning and for developers seeking to implement effective defenses in production systems.
title A Systematic Literature Review on LLM Defenses Against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy
topic Cryptography and Security
Artificial Intelligence
Computation and Language
Machine Learning
url https://arxiv.org/abs/2601.22240