Prompt Injection Attack

Table of Contents
NeurIPS
ICML
ICLR
KDD
SP
CCS
USENIX Security Symposium
ACL
NAACL-HLT
EMNLP
ICSE
ICDM
ACM Multimedia
IEEE Trans. Image Process.
IEEE Trans. Inf. Forensics Secur.
arXiv

NeurIPS

2024

Title | Venue | Year
AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents. | NeurIPS | 2024

ICML

2025

Title | Venue | Year
MELON: Provable Defense Against Indirect Prompt Injection Attacks in AI Agents. | ICML | 2025

ICLR

2024

Title | Venue | Year
Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game. | ICLR | 2024

KDD

2025

Title | Venue | Year
Benchmarking and Defending against Indirect Prompt Injection Attacks on Large Language Models. | KDD | 2025
Generalizable Graph Prompt Learning Framework with Model-level Prompt Injection and Two-Stage Prompt Tuning. | KDD | 2025

SP

2025

Title | Venue | Year
DataSentinel: A Game-Theoretic Detection of Prompt Injection Attacks. | SP | 2025
Fun-tuning: Characterizing the Vulnerability of Proprietary LLMs to Optimization-Based Prompt Injection Attacks via the Fine-Tuning Interface. | SP | 2025

2024

Title | Venue | Year
PromptCARE: Prompt Copyright Protection by Watermark Injection and Verification. | SP | 2024

CCS

2025

Title | Venue | Year
SecAlign: Defending Against Prompt Injection with Preference Optimization. | CCS | 2025

2024

Title | Venue | Year
Optimization-based Prompt Injection Attack to LLM-as-a-Judge. | CCS | 2024

USENIX Security Symposium

2025

Title | Venue | Year
StruQ: Defending Against Prompt Injection with Structured Queries. | USENIX Security Symposium | 2025

2024

Title | Venue | Year
Formalizing and Benchmarking Prompt Injection Attacks and Defenses. | USENIX Security Symposium | 2024

ACL

2025

Title | Venue | Year
Can Indirect Prompt Injection Attacks Be Detected and Removed? | ACL | 2025
Defense Against Prompt Injection Attack by Leveraging Attack Techniques. | ACL | 2025
PIGuard: Prompt Injection Guardrail via Mitigating Overdefense for Free. | ACL | 2025
The Task Shield: Enforcing Task Alignment to Defend Against Indirect Prompt Injection in LLM Agents. | ACL | 2025

2024

Title | Venue | Year
InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated Large Language Model Agents. | ACL | 2024

NAACL-HLT

2024

Title | Venue | Year
Backdooring Instruction-Tuned Large Language Models with Virtual Prompt Injection. | NAACL-HLT | 2024

EMNLP

2025

Title | Venue | Year
AGENTVIGIL: Automatic Black-Box Red-teaming for Indirect Prompt Injection against LLM Agents. | EMNLP | 2025
Backdoor-Powered Prompt Injection Attacks Nullify Defense Methods. | EMNLP | 2025
Defending against Indirect Prompt Injection by Instruction Detection. | EMNLP | 2025
IPIGuard: A Novel Tool Dependency Graph-Based Defense Against Indirect Prompt Injection in LLM Agents. | EMNLP | 2025
Invisible Prompts, Visible Threats: Malicious Font Injection in External Resources for Large Language Models. | EMNLP | 2025
The Dangers of Indirect Prompt Injection Attacks on LLM-based Autonomous Web Navigation Agents: A Demonstration. | EMNLP | 2025
TopicAttack: An Indirect Prompt Injection Attack via Topic Transition. | EMNLP | 2025
Transferable Direct Prompt Injection via Activation-Guided MCMC Sampling. | EMNLP | 2025
WebInject: Prompt Injection Attack to Web Agents. | EMNLP | 2025

2024

Title | Venue | Year
Evaluating the Instruction-Following Robustness of Large Language Models to Prompt Injection. | EMNLP | 2024

ICSE

2025

Title | Venue | Year
Prompt-to-SQL Injections in LLM-Integrated Web Applications: Risks and Defenses. | ICSE | 2025

ICDM

2024

Title | Venue | Year
Goal-Guided Generative Prompt Injection Attack on Large Language Models. | ICDM | 2024

ACM Multimedia

2025

Title | Venue | Year
Manipulating Multimodal Agents via Cross-Modal Prompt Injection. | ACM Multimedia | 2025

IEEE Trans. Image Process.

2026

Title | Venue | Year
CRISP: Contrastive Residual Injection and Semantic Prompting for Continual Video Instance Segmentation. | IEEE Trans. Image Process. | 2026

IEEE Trans. Inf. Forensics Secur.

2026

Title | Venue | Year
PromptFuzz: Harnessing Fuzzing Techniques for Robust Testing of Prompt Injection in LLMs. | IEEE Trans. Inf. Forensics Secur. | 2026

arXiv

2026

Title | Venue | Year | arXiv ID
AgentWatcher: A Rule-based Prompt Injection Monitor | arXiv | 2026 | 2604.01194
AttackEval: A Systematic Empirical Study of Prompt Injection Attack Effectiveness Against Large Language Models | arXiv | 2026 | 2604.03598
Automating Cloud Security and Forensics Through a Secure-by-Design Generative AI Framework | arXiv | 2026 | 2604.03912
ClawSafety: "Safe" LLMs, Unsafe Agents | arXiv | 2026 | 2604.01438
Compiled AI: Deterministic Code Generation for LLM-Based Workflow Automation | arXiv | 2026 | 2604.05150
Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study | arXiv | 2026 | 2604.03070
Gradient-Controlled Decoding: A Safety Guardrail for LLMs with Dual-Anchor Steering | arXiv | 2026 | 2604.05179
LogicPoison: Logical Attacks on Graph Retrieval-Augmented Generation | arXiv | 2026 | 2604.02954
ShieldNet: Network-Level Guardrails against Emerging Supply-Chain Injections in Agentic Systems | arXiv | 2026 | 2604.04426
Your Agent is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs | arXiv | 2026 | 2604.03870