CAPTURE: Context-Aware Prompt Injection Testing and Robustness Enhancement

Prompt injection remains a major security risk for large language models. However, the efficacy of existing guardrail models in context-aware settings remains underexplored, as they often rely on static attack benchmarks. Additionally, they have over-defense tendencies. We introduce CAPTURE, a novel context-aware benchmark assessing both attack detection and over-defense tendencies with minimal in-domain examples. Our experiments reveal that current prompt injection guardrail models suffer from high false negatives in adversarial cases and excessive false positives in benign scenarios, highlighting critical limitations.

@article{kholkar2025_2505.12368,
  title={ CAPTURE: Context-Aware Prompt Injection Testing and Robustness Enhancement },
  author={ Gauri Kholkar and Ratinder Ahuja },
  journal={arXiv preprint arXiv:2505.12368},
  year={ 2025 }
}