Canary Tokens for Prompt Injection Detection

Canary Tokens for Prompt Injection Detection
Canary tokens for prompt injection detection use a unique, high-entropy string planted in an LLM’s context and checked on output to confirm when sensitive prompt data has been extracted. They provide near-zero false positives and low-cost detection, but they do not block attacks or prevent leaks by themselves. #OWASP #LLM #PromptInjection

Keypoints

  • Canary tokens detect prompt extraction by spotting a unique planted string in model output.
  • The method is cheap, simple, and has near-zero false positives by design.
  • Different canaries can be placed in system prompts, tool descriptions, and RAG chunks.
  • Stealth canary positions help catch attackers who try to remove obvious markers.
  • Canary tokens are detection only and do not stop prompt injection or data exfiltration.

Read More: https://www.toxsec.com/p/canary-tokens-for-prompt-injection