SoK: Systematizing LLM Prompt Security: Taxonomies, Datasets, and Unified Evaluation of Attacks and Defenses

arXiv:2510.15476v3 Announce Type: replace-cross Abstract: Large Language Models (LLMs) are increasingly used as interfaces to information, code, and real-world services, making prompt-level security failures a practical concern. Although jailbreak attacks, defenses, datasets, and automated judgers have advanced rapidly, evaluation remains fragmented across threat models, access assumptions, cost budgets, datasets, and success criteria. This makes reported attack success rates and defense gains hard to compare. This SoK systematizes LLM prompt security across concepts, data, tooling, and measur
The rapid deployment of LLMs into critical interfaces necessitates immediate attention to security vulnerabilities, as their expanded use increases practical risks.
A strategic reader should care because unchecked prompt-level security failures can lead to significant data breaches, manipulation, and erosion of trust in AI systems, impacting enterprises and national security.
The systematization of LLM prompt security provides a clearer framework for evaluating attacks and defenses, making it easier to compare solutions and improve the overall robustness of AI applications.
- · Cybersecurity firms specializing in AI
- · Enterprises deploying secure LLM-based solutions
- · AI developers focused on robust models
- · Academic researchers in AI security
- · LLM providers with slow security updates
- · Organizations deploying insecure LLMs
- · Bad actors relying on simple jailbreaks
- · Unsecured open-source LLM projects
Improved security standards and practices are adopted across the LLM development and deployment lifecycle.
Increased demand for specialized AI security talent and tools, leading to a new sub-industry within cybersecurity.
Government regulations and compliance requirements emerge to enforce minimum security baselines for AI systems, influencing market access and product design.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at arXiv cs.AI