Table of Contents
Fetching ...

Prompt Injection Mitigation with Agentic AI, Nested Learning, and AI Sustainability via Semantic Caching

Diego Gosmar, Deborah A. Dahl

TL;DR

Results indicate that observability-aware evaluation can reveal non-monotonic effects within multi-agent pipelines and that memory-augmented agents can jointly maximize security robustness, real-time performance, operational cost savings, and environmental sustainability without modifying underlying model weights.

Abstract

Prompt injection remains a central obstacle to the safe deployment of large language models, particularly in multi-agent settings where intermediate outputs can propagate or amplify malicious instructions. Building on earlier work that introduced a four-metric Total Injection Vulnerability Score (TIVS), this paper extends the evaluation framework with semantic similarity-based caching and a fifth metric (Observability Score Ratio) to yield TIVS-O, investigating how defence effectiveness interacts with transparency in a HOPE-inspired Nested Learning architecture. The proposed system combines an agentic pipeline with Continuum Memory Systems that implement semantic similarity-based caching across 301 synthetically generated injection-focused prompts drawn from ten attack families, while a fourth agent performs comprehensive security analysis using five key performance indicators. In addition to traditional injection metrics, OSR quantifies the richness and clarity of security-relevant reasoning exposed by each agent, enabling an explicit analysis of trade-offs between strict mitigation and auditability. Experiments show that the system achieves secure responses with zero high-risk breaches, while semantic caching delivers substantial computational savings, achieving a 41.6% reduction in LLM calls and corresponding decreases in latency, energy consumption, and carbon emissions. Five TIVS-O configurations reveal optimal trade-offs between mitigation strictness and forensic transparency. These results indicate that observability-aware evaluation can reveal non-monotonic effects within multi-agent pipelines and that memory-augmented agents can jointly maximize security robustness, real-time performance, operational cost savings, and environmental sustainability without modifying underlying model weights, providing a production-ready pathway for secure and green LLM deployments.

Prompt Injection Mitigation with Agentic AI, Nested Learning, and AI Sustainability via Semantic Caching

TL;DR

Results indicate that observability-aware evaluation can reveal non-monotonic effects within multi-agent pipelines and that memory-augmented agents can jointly maximize security robustness, real-time performance, operational cost savings, and environmental sustainability without modifying underlying model weights.

Abstract

Prompt injection remains a central obstacle to the safe deployment of large language models, particularly in multi-agent settings where intermediate outputs can propagate or amplify malicious instructions. Building on earlier work that introduced a four-metric Total Injection Vulnerability Score (TIVS), this paper extends the evaluation framework with semantic similarity-based caching and a fifth metric (Observability Score Ratio) to yield TIVS-O, investigating how defence effectiveness interacts with transparency in a HOPE-inspired Nested Learning architecture. The proposed system combines an agentic pipeline with Continuum Memory Systems that implement semantic similarity-based caching across 301 synthetically generated injection-focused prompts drawn from ten attack families, while a fourth agent performs comprehensive security analysis using five key performance indicators. In addition to traditional injection metrics, OSR quantifies the richness and clarity of security-relevant reasoning exposed by each agent, enabling an explicit analysis of trade-offs between strict mitigation and auditability. Experiments show that the system achieves secure responses with zero high-risk breaches, while semantic caching delivers substantial computational savings, achieving a 41.6% reduction in LLM calls and corresponding decreases in latency, energy consumption, and carbon emissions. Five TIVS-O configurations reveal optimal trade-offs between mitigation strictness and forensic transparency. These results indicate that observability-aware evaluation can reveal non-monotonic effects within multi-agent pipelines and that memory-augmented agents can jointly maximize security robustness, real-time performance, operational cost savings, and environmental sustainability without modifying underlying model weights, providing a production-ready pathway for secure and green LLM deployments.
Paper Structure (45 sections, 14 equations, 19 figures, 9 tables)

This paper contains 45 sections, 14 equations, 19 figures, 9 tables.

Figures (19)

  • Figure 1: OFP-based multi-agent pipeline. The user submits a prompt via OFP_REQUEST; the Front-End Agent produces an initial response (OFP_RESPONSE); the Guard-Sanitizer reviews and sanitizes it (OFP_REVIEW); and the Policy Enforcer delivers the final output (OFP_FINAL) back to the user. A separate KPI Evaluator receives all intermediate outputs to compute injection vulnerability metrics (TIVS-O and OSR) over the full pipeline.
  • Figure 2: Agent–CMS pairing. Each of the three main agents is equipped with a dedicated Continuum Memory System that maintains medium-term memory (MTM) for recent prompts and long-term memory (LTM) for frequently recurring patterns, as described in Section \ref{['sec:nested']}.
  • Figure 3: Nested Learning memory consolidation flow. User prompts are embedded and checked against MTM cache ($\tau=0.87$ threshold). Cache misses trigger LLM inference, with responses stored in MTM using LRU eviction. Periodic consolidation (every 10-100 prompts) promotes frequently accessed entries from MTM to LTM using LFU policy.
  • Figure 4: Agent generation controller decision flow. The controller coordinates cache lookups, LLM invocations, and memory updates according to configured update frequencies (Frontend: MTM every 10 prompts, Guard-Sanitizer/Policy Enforcer: every 5 prompts).
  • Figure 5: Experimental pipeline execution flow. Each of 301 prompts flows through the three-agent pipeline with CMS lookups ($\tau=0.87$) at each stage. The KPI Evaluator (fourth agent) receives all intermediate outputs to compute ISR, POF, PSR, CCS, and OSR metrics, enabling TIVS-O calculation across five configurations.
  • ...and 14 more figures