Design Patterns for Securing LLM Agents Against Prompt Injection

A new arxiv paper (2506.08837) proposes principled design patterns for building agents with provable resistance to prompt injection — a critical threat when agents have tool access or handle sensitive data. Key patterns: the code-then-execute pattern (LLM writes code that runs on untrusted data, rather than directly acting on it) and context minimization. The paper concludes no single pattern suffices — use combinations.

---

Sources: ArXiv Abstract