SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations
Mohammed Himayath Ali, Mohammed Aqib Abdullah, Mohammed Mudassir Uddin, Shahnawaz Alam
TL;DR
SecureCAI targets prompt injection risks in LLM-assisted cybersecurity workflows by extending Constitutional AI with security-aware guardrails, adaptive constitution evolution driven by red-teaming, and DPO-based unlearning of unsafe patterns. The framework formalizes a threat model for six attack categories, implements five core security principles encoded as constraints, and uses an adaptive loop to update defenses as new adversarial techniques arise. Empirical results show a 94.7% reduction in attack success rate while preserving or improving benign security task performance, with constitutional adherence remaining above 0.92 under strong adversarial pressure. These findings suggest a practical path to trustworthy LLM deployment in operational SOC contexts, balancing safety with analytic utility and outlining concrete deployment considerations and future enhancements.
Abstract
Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where malicious instructions embedded in security artifacts manipulate model behavior. This paper introduces SecureCAI, a novel defense framework extending Constitutional AI principles with security-aware guardrails, adaptive constitution evolution, and Direct Preference Optimization for unlearning unsafe response patterns, addressing the unique challenges of high-stakes security contexts where traditional safety mechanisms prove insufficient against sophisticated adversarial manipulation. Experimental evaluation demonstrates that SecureCAI reduces attack success rates by 94.7% compared to baseline models while maintaining 95.1% accuracy on benign security analysis tasks, with the framework incorporating continuous red-teaming feedback loops enabling dynamic adaptation to emerging attack strategies and achieving constitution adherence scores exceeding 0.92 under sustained adversarial pressure, thereby establishing a foundation for trustworthy integration of language model capabilities into operational cybersecurity workflows and addressing a critical gap in current approaches to AI safety within adversarial domains.
