@inproceedings{ribeiro-etal-2025-proxy,
    title = "Proxy Barrier: A Hidden Repeater Layer Defense Against System Prompt Leakage and Jailbreaking",
    author = {Ribeiro, Pedro Schindler Freire Brasil  and
      Brito, Iago Alves  and
      Sousa, Rafael Teixeira  and
      F{\"a}rber, Fernanda Bufon  and
      Dollis, Julia Soares  and
      Galv{\~a}o Filho, Arlindo Rodrigues},
    editor = "Christodoulopoulos, Christos  and
      Chakraborty, Tanmoy  and
      Rose, Carolyn  and
      Peng, Violet",
    booktitle = "Findings of the Association for Computational Linguistics: EMNLP 2025",
    month = nov,
    year = "2025",
    address = "Suzhou, China",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/name-variant-enfa-fane/2025.findings-emnlp.528/",
    doi = "10.18653/v1/2025.findings-emnlp.528",
    pages = "9960--9975",
    ISBN = "979-8-89176-335-7",
    abstract = "Prompt injection and jailbreak attacks remain a critical vulnerability for deployed large language models (LLMs), allowing adversaries to bypass safety protocols and extract sensitive information. To address this, we present Proxy Barrier (ProB), a lightweight defense that interposes a proxy LLM between the user and the target model. The proxy LLM is tasked solely to repeat the user input, and any failure indicates the presence of an attempt to reveal or override system instructions, leading the malicious request to be detected and blocked before it reaches the target model. ProB therefore requires no access to model weights or prompts, and is deployable entirely at the API level. Experiments across multiple model families demonstrate that ProB achieves state-of-the-art resilience against prompt leakage and jailbreak attacks. Notably, our approach outperforms baselines and achieves up to 98.8{\%} defense effectiveness, and shows robust protection across both open and closed-source LLMs when suitably paired with proxy models, while also keeping response quality intact."
}