Composable Trust for Language Models: A Proven Boundary and a Measured Defense
Jul 16, 2026
Researchers introduce a trust model for large language models (LLMs) that shifts authority to external code, using source integrity to determine which operations are executed. Their deterministic pipeline ranks inputs by trust level, and a non-model monitor ensures that only trusted inputs can trigger actions. In experiments with an unmodified Gemma 4 26B model, their defense increased protection against genuine prompt injection leaks from 27% to 94% with only a 4% reduction in clean output quality, and improved attribution of lower-trust sources from 0% to 92%.
Why it matters: This work establishes a provable security boundary against prompt injection in LLMs, addressing a critical vulnerability while maintaining high performance and source attribution.
Full story at: arXiv Cryptography and Security ↗