Table of Contents
Fetching ...

SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations

Mohammed Himayath Ali, Mohammed Aqib Abdullah, Mohammed Mudassir Uddin, Shahnawaz Alam

TL;DR

SecureCAI targets prompt injection risks in LLM-assisted cybersecurity workflows by extending Constitutional AI with security-aware guardrails, adaptive constitution evolution driven by red-teaming, and DPO-based unlearning of unsafe patterns. The framework formalizes a threat model for six attack categories, implements five core security principles encoded as constraints, and uses an adaptive loop to update defenses as new adversarial techniques arise. Empirical results show a 94.7% reduction in attack success rate while preserving or improving benign security task performance, with constitutional adherence remaining above 0.92 under strong adversarial pressure. These findings suggest a practical path to trustworthy LLM deployment in operational SOC contexts, balancing safety with analytic utility and outlining concrete deployment considerations and future enhancements.

Abstract

Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where malicious instructions embedded in security artifacts manipulate model behavior. This paper introduces SecureCAI, a novel defense framework extending Constitutional AI principles with security-aware guardrails, adaptive constitution evolution, and Direct Preference Optimization for unlearning unsafe response patterns, addressing the unique challenges of high-stakes security contexts where traditional safety mechanisms prove insufficient against sophisticated adversarial manipulation. Experimental evaluation demonstrates that SecureCAI reduces attack success rates by 94.7% compared to baseline models while maintaining 95.1% accuracy on benign security analysis tasks, with the framework incorporating continuous red-teaming feedback loops enabling dynamic adaptation to emerging attack strategies and achieving constitution adherence scores exceeding 0.92 under sustained adversarial pressure, thereby establishing a foundation for trustworthy integration of language model capabilities into operational cybersecurity workflows and addressing a critical gap in current approaches to AI safety within adversarial domains.

SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations

TL;DR

SecureCAI targets prompt injection risks in LLM-assisted cybersecurity workflows by extending Constitutional AI with security-aware guardrails, adaptive constitution evolution driven by red-teaming, and DPO-based unlearning of unsafe patterns. The framework formalizes a threat model for six attack categories, implements five core security principles encoded as constraints, and uses an adaptive loop to update defenses as new adversarial techniques arise. Empirical results show a 94.7% reduction in attack success rate while preserving or improving benign security task performance, with constitutional adherence remaining above 0.92 under strong adversarial pressure. These findings suggest a practical path to trustworthy LLM deployment in operational SOC contexts, balancing safety with analytic utility and outlining concrete deployment considerations and future enhancements.

Abstract

Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where malicious instructions embedded in security artifacts manipulate model behavior. This paper introduces SecureCAI, a novel defense framework extending Constitutional AI principles with security-aware guardrails, adaptive constitution evolution, and Direct Preference Optimization for unlearning unsafe response patterns, addressing the unique challenges of high-stakes security contexts where traditional safety mechanisms prove insufficient against sophisticated adversarial manipulation. Experimental evaluation demonstrates that SecureCAI reduces attack success rates by 94.7% compared to baseline models while maintaining 95.1% accuracy on benign security analysis tasks, with the framework incorporating continuous red-teaming feedback loops enabling dynamic adaptation to emerging attack strategies and achieving constitution adherence scores exceeding 0.92 under sustained adversarial pressure, thereby establishing a foundation for trustworthy integration of language model capabilities into operational cybersecurity workflows and addressing a critical gap in current approaches to AI safety within adversarial domains.
Paper Structure (47 sections, 25 equations, 4 figures, 5 tables)

This paper contains 47 sections, 25 equations, 4 figures, 5 tables.

Figures (4)

  • Figure 1: Attack vector taxonomy for LLM-assisted security operations showing baseline attack success rates (ASR) on unprotected models. The six primary attack categories represent distinct injection mechanisms targeting SOC workflows. Attack categorization follows threat models established by Greshake et al. greshake2023indirect and Liu et al. liu2023prompt. Direct prompt injection exhibits the highest success rate (91.6%), while context overflow shows relative resilience (68.2%).
  • Figure 2: The SecureCAI architecture integrating Constitutional AI principles bai2022constitutional with security-specific components. Solid arrows indicate forward processing through the defense layers; dashed arrows represent the adaptive feedback loop for continuous constitution evolution. Key metrics: Constitutional Adherence Score (CAS) of 0.96, final Attack Success Rate (ASR) of 4.3%, trained on 51,750 preference pairs.
  • Figure 3: Training pipeline following Constitutional AI bai2022constitutional extended with DPO rafailov2023direct. Progressive ASR reduction: 80.4% $\rightarrow$ 40.4% $\rightarrow$ 4.3%.
  • Figure 4: Constitutional adherence scores under increasing adversarial pressure measured across 10,000 test samples. Pressure level quantifies attack sophistication from benign (0.0) to maximum-strength adaptive attacks (1.0). SecureCAI maintains CAS $>$0.92 at all levels, demonstrating robustness consistent with adaptive defense mechanisms ganguli2023red.