promptarmor
PromptArmor: Simple yet Effective Prompt Injection Defenses
Tianneng Shi, Kaijie Zhu, Zhun Wang, Yuqi Jia, Will Cai, Weida Liang, Haonan Wang, Hend Alzahrani, Joshua Lu, Kenji Kawaguchi, Basel Alomair, Xuandong Zhao, William Yang Wang, Neil Gong, Wenbo Guo, Dawn Song
Despite their potential, recent research has demonstrated that LLM agents are vulnerable to prompt injection attacks, where malicious prompts are injected into the agent's input, causing it to perform an attacker-specified task rather than the intended task provided by the user. In this paper, we present PromptArmor, a simple yet effective defense against prompt injection attacks. Specifically, PromptArmor prompts an off-the-shelf LLM to detect and remove potential injected prompts from the input before the agent processes it. Our results show that PromptArmor can accurately identify and remove injected prompts. For example, using GPT-4o, GPT-4.1, or o4-mini, PromptArmor achieves both a false positive rate and a false negative rate below 1% on the AgentDojo benchmark. Moreover, after removing injected prompts with PromptArmor, the attack success rate drops to below 1%. We also demonstrate PromptArmor's effectiveness against adaptive attacks and explore different strategies for prompting an LLM. We recommend that PromptArmor be adopted as a standard baseline for evaluating new defenses against prompt injection attacks.
- Information Technology > Artificial Intelligence > Natural Language > Large Language Model (1.00)
- Information Technology > Artificial Intelligence > Natural Language > Chatbot (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Performance Analysis > Accuracy (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Neural Networks > Deep Learning (1.00)
Fears workplace affairs could be exposed as Slack flaw gives hackers access to private channels
Hackers have developed a 'difficult to trace' new method to exploit AI tools inside workplace messaging app Slack -- tricking its chatbot into sending malware. The popular collaboration platform has gained prominence for facilitating quick communications between coworkers, with some linking it to a new age of 'micro-cheating' and office affairs. The cybersecurity team within Slack's research program said Tuesday that they had patched the issue on the same day outside experts first reported the flaw to them. But the vulnerability, which lets hackers disguise malicious code inside uploaded documents and Google Drive files, highlights the growing risks posed by 'artificial intelligence' that lacks the 'street smarts' to deal with unscrupulous user requests. While the independent security researcher who first discovered the new flaw praised Slack for its diligent response, they went public with news of the AI's vulnerability 'so that users could turn off the necessary settings to decrease their exposure.'