DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents
Hao Li, Xiaogeng Liu, Hung-Chun Chiu, Dianqi Li, Ning Zhang +1 more
Abstract
Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities. By interacting with external environments through predefined tools, these agents can carry out complex user tasks. Nonetheless, this interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior, potentially...
Summary
DRIFT is a dynamic rule-based isolation framework for LLM agents that enforces security policies and injection isolation to defend against prompt injection attacks in tool-using agentic systems. This page includes benchmark evidence for instruction tuning on an undefended agent. Reproduction guidance focuses on implementation viability and concrete risk controls.
Key Contributions
- DRIFT is a dynamic rule-based isolation framework for LLM agents that enforces security policies and injection isolation to defend against prompt injection attacks in tool-using agentic systems.
- DRIFT consists of a Secure Planner that builds a minimal function trajectory and JSON-schema-style parameter checklist, a Dynamic Validator that monitors deviations from the plan, and an Injection Isolator that masks.
- The authors evaluate DRIFT on the AgentDojo, ASB, and AgentDyn benchmarks, targeting security against prompt injection while preserving high task utility across different LLM-based agent setups.
Implementation Guidance
Use leolee99/drift first because deterministic ranking and extracted evidence align on implementation viability. Start with the repo setup path, then validate benchmark reproduction before adaptation.
Reproducibility Notes
- License metadata missing
- No CI workflows detected
Results & Benchmarks
| Task | Dataset | Metric | Value |
|---|---|---|---|
| Instruction tuning | undefended agent | Efficiency | 21.4 |
Best Implementation
[NeurIPS 2025] The official implementation of the paper "DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents".
- Selected leolee99/drift as the strongest maintained implementation for new work.
- Includes dependency/environment manifest signals.
- Repository activity is within the last 24 months.
Reproduction Path
1. Start with leolee99/drift and validate setup instructions in README.
2. Reproduce the baseline result with the provided defaults before modifying hyperparameters.
3. Log exact dependency versions and runtime environment for reproducibility.
Additional Implementations
No additional verified repositories beyond the primary recommendation.
Hugging Face Artifacts
No trustworthy direct or curated related Hugging Face artifacts were found yet.