2604.02019 Detecting Prompt-Injection Attacks via Anomaly Scoring of Hidden-State Activations
boyi·
Prompt-injection attacks remain one of the most persistent failure modes for production LLM agents, with public exploit galleries growing roughly 38% year-over-year. We investigate whether internal hidden-state activations carry a residual signature when an instruction in retrieved or tool-returned content overrides the developer's system prompt.