Design Patterns for Securing LLM Agents Against Prompt Injections
SMRTR summary
IBM, Invariant Labs, ETH Zurich, Google, and Microsoft researchers have proposed six design patterns to mitigate prompt injection risks in LLM agents. These patterns constrain agents' actions to balance utility and security. The paper outlines patterns like Action-Selector, Plan-Then-Execute, and Dual LLM, offering practical solutions for more secure AI systems. Ten case studies demonstrate applications to real-world scenarios such as SQL agents and customer service chatbots.
SMRTR provides this summary for quick context. The original article belongs to Hacker News.