Toward Trustworthy Agentic AI: A Multimodal Framework for Preventing Prompt Injection Attacks
Toqeer Ali Syed, Mishal Ateeq Almutairi, Mahmoud Abdel Moaty
TL;DR
The paper tackles the vulnerability of multimodal, agentic AI systems to prompt injection attacks by proposing a Cross-Agent Multimodal Provenance-Aware Defense Framework. The framework deploys a four-agent defense pipeline (text sanitizer, visual sanitizer, main task model, and output validator) with a shared provenance ledger to sanitize inputs, validate outputs, and track cross-agent influence. Experimental results show a 94% detection rate, a 70% reduction in cross-modal trust leakage, and 96% task accuracy on benign inputs, demonstrating secure, low-overhead protection for LangChain/GraphChain-style workflows. This work advances end-to-end, provenance-conscious security for multi-agent AI ecosystems, enabling more trustworthy and understandable agentic systems in practical deployments.
Abstract
Powerful autonomous systems, which reason, plan, and converse using and between numerous tools and agents, are made possible by Large Language Models (LLMs), Vision-Language Models (VLMs), and new agentic AI systems, like LangChain and GraphChain. Nevertheless, this agentic environment increases the probability of the occurrence of multimodal prompt injection (PI) attacks, in which concealed or malicious instructions carried in text, pictures, metadata, or agent-to-agent messages may spread throughout the graph and lead to unintended behavior, a breach of policy, or corruption of state. In order to mitigate these risks, this paper suggests a Cross-Agent Multimodal Provenanc- Aware Defense Framework whereby all the prompts, either user-generated or produced by upstream agents, are sanitized and all the outputs generated by an LLM are verified independently before being sent to downstream nodes. This framework contains a Text sanitizer agent, visual sanitizer agent, and output validator agent all coordinated by a provenance ledger, which keeps metadata of modality, source, and trust level throughout the entire agent network. This architecture makes sure that agent-to-agent communication abides by clear trust frames such such that injected instructions are not propagated down LangChain or GraphChain-style-workflows. The experimental assessments show that multimodal injection detection accuracy is significantly enhanced, and the cross-agent trust leakage is minimized, as well as, agentic execution pathways become stable. The framework, which expands the concept of provenance tracking and validation to the multi-agent orchestration, enhances the establishment of secure, understandable and reliable agentic AI systems.
