Prompt injection detection is commonly studied as a static offline classification problem, yet deployed LLM systems face evolving attacks and distribution shift after deployment. Static detectors are therefore poorly matched to the threat model, while routing every input to a stronger external LLM is costly and defeats the purpose of a local detector. We formulate prompt injection detection as a selective test-time adaptation problem. Our framework combines a prompt-based local detector built on masked language modeling and a learnable soft verbalizer with an entropy-based active querying mechanism that escalates only high-uncertainty inputs to an external LLM. Queried hard samples are then stored in a review window and replayed for subsequent detector updates. Empirical evaluations across multiple benchmarks show that EvoShield achieves performance on par with or even exceeding pure Large Language Model baselines, while cutting API query costs by more than 85%.
郑赞红 et al. (Sat,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: