CaMeL ("Defeating Prompt Injections by Design") is a capability-based, system-level defense against prompt injection: it wraps the LLM in a protective layer that tracks data provenance and enforces explicit control- and data-flow policies, so untrusted content cannot trigger unauthorized actions. First approach to solve most of AgentDojo by construction rather than by patching the model.

joint→Google DeepMind (DeepMind-led, ETH first author); IEEE SaTML 2026.

Paper

Venue IEEE SaTML 2026
securitysafetyagenticresearch

Related