PRISM: Real-Time Defense Against Secret Leakage in Multi-Agent LLM Systems
A new research paper on arXiv introduces PRISM, a real-time defense mechanism for multi-agent LLM systems that detects and mitigates secret leakage during text generation. The authors formalize 'propagation amplification,' where sensitive information accessed by one agent can spread through shared context to downstream outputs. Existing defenses like prompt-based safeguards and static pattern matching are inadequate for this setting. PRISM treats credential leakage as a sequential risk accumulation problem, combining 16 signals at each decoding step to identify and block leaks before they occur. The paper is available at arXiv:2605.10614.
Key facts
- PRISM is a real-time defense for multi-agent LLM systems.
- It addresses propagation amplification of sensitive information.
- Combines 16 signals at each decoding step.
- Existing defenses are not designed for multi-agent settings.
- Paper published on arXiv with ID 2605.10614.
- Treats leakage as sequential risk accumulation.
- Operates during generation, not after.
- Aims to prevent secret leakage without explicit adversarial intent.
Entities
Institutions
- arXiv