DecipherGuard: Understanding and Deciphering Jailbreak Prompts for a Safer Deployment of Intelligent Software Systems Article Swipe

PDF

Rui Yang , Michael C. Fu , Chakkrit Tantithamthavorn , Chetan Arora , Gunel Gulmammadova , Joey Chua ·

YOU? · · 2025 · Open Access · · DOI: https://doi.org/10.48550/arxiv.2509.16870

Intelligent software systems powered by Large Language Models (LLMs) are increasingly deployed in critical sectors, raising concerns about their safety during runtime. Through an industry-academic collaboration when deploying an LLM-powered virtual customer assistant, a critical software engineering challenge emerged: how to enhance a safer deployment of LLM-powered software systems at runtime? While LlamaGuard, the current state-of-the-art runtime guardrail, offers protection against unsafe inputs, our study reveals a Defense Success Rate (DSR) drop of 24% under obfuscation- and template-based jailbreak attacks. In this paper, we propose DecipherGuard, a novel framework that integrates a deciphering layer to counter obfuscation-based prompts and a low-rank adaptation mechanism to enhance guardrail effectiveness against template-based attacks. Empirical evaluation on over 22,000 prompts demonstrates that DecipherGuard improves DSR by 36% to 65% and Overall Guardrail Performance (OGP) by 20% to 50% compared to LlamaGuard and two other runtime guardrails. These results highlight the effectiveness of DecipherGuard in defending LLM-powered software systems against jailbreak attacks during runtime.

Related Topics

Truth And Reconciliation Commission Of Canada

2025 Nba Draft

28 Years Later

Reich Ministry Of Public Enlightenment And Propaganda

Mahmood Mamdani

Rick Hurst

Concepts

No concepts available.

Metadata

Type: preprint
Language: en
Landing Page: http://arxiv.org/abs/2509.16870
PDF: https://arxiv.org/pdf/2509.16870
OA Status: green
OpenAlex ID: https://openalex.org/W4415252640

All OpenAlex metadata

Raw OpenAlex JSON

OpenAlex ID: https://openalex.org/W4415252640

Canonical identifier for this work in OpenAlex
DOI: https://doi.org/10.48550/arxiv.2509.16870

Digital Object Identifier
Title: DecipherGuard: Understanding and Deciphering Jailbreak Prompts for a Safer Deployment of Intelligent Software Systems

Work title
Type: preprint

OpenAlex work type
Language: en

Primary language
Publication year: 2025

Year of publication
Publication date: 2025-09-21

Full publication date if available
Authors: Rui Yang, Michael C. Fu, Chakkrit Tantithamthavorn, Chetan Arora, Gunel Gulmammadova, Joey Chua

List of authors in order
Landing page: https://arxiv.org/abs/2509.16870

Publisher landing page
PDF URL: https://arxiv.org/pdf/2509.16870

Direct link to full text PDF
Open access: Yes

Whether a free full text is available
OA status: green

Open access status per OpenAlex
OA URL: https://arxiv.org/pdf/2509.16870

Direct OA link when available
Cited by: 0

Total citation count in OpenAlex

Full payload

id	https://openalex.org/W4415252640
doi	https://doi.org/10.48550/arxiv.2509.16870
ids.doi	https://doi.org/10.48550/arxiv.2509.16870
ids.openalex	https://openalex.org/W4415252640
fwci
type	preprint
title	DecipherGuard: Understanding and Deciphering Jailbreak Prompts for a Safer Deployment of Intelligent Software Systems
biblio.issue
biblio.volume
biblio.last_page
biblio.first_page
topics[0].id	https://openalex.org/T10734
topics[0].field.id	https://openalex.org/fields/17
topics[0].field.display_name	Computer Science
topics[0].score	0.986299991607666
topics[0].domain.id	https://openalex.org/domains/3
topics[0].domain.display_name	Physical Sciences
topics[0].subfield.id	https://openalex.org/subfields/1710
topics[0].subfield.display_name	Information Systems
topics[0].display_name	Information and Cyber Security
topics[1].id	https://openalex.org/T11241
topics[1].field.id	https://openalex.org/fields/17
topics[1].field.display_name	Computer Science
topics[1].score	0.9484999775886536
topics[1].domain.id	https://openalex.org/domains/3
topics[1].domain.display_name	Physical Sciences
topics[1].subfield.id	https://openalex.org/subfields/1711
topics[1].subfield.display_name	Signal Processing
topics[1].display_name	Advanced Malware Detection Techniques
topics[2].id	https://openalex.org/T12034
topics[2].field.id	https://openalex.org/fields/17
topics[2].field.display_name	Computer Science
topics[2].score	0.939300000667572
topics[2].domain.id	https://openalex.org/domains/3
topics[2].domain.display_name	Physical Sciences
topics[2].subfield.id	https://openalex.org/subfields/1710
topics[2].subfield.display_name	Information Systems
topics[2].display_name	Digital and Cyber Forensics
is_xpac	False
apc_list
apc_paid
language	en
locations[0].id	pmh:oai:arXiv.org:2509.16870
locations[0].is_oa	True
locations[0].source.id	https://openalex.org/S4306400194
locations[0].source.issn
locations[0].source.type	repository
locations[0].source.is_oa	True
locations[0].source.issn_l
locations[0].source.is_core	False
locations[0].source.is_in_doaj	False
locations[0].source.display_name	arXiv (Cornell University)
locations[0].source.host_organization	https://openalex.org/I205783295
locations[0].source.host_organization_name	Cornell University
locations[0].source.host_organization_lineage	https://openalex.org/I205783295
locations[0].license
locations[0].pdf_url	https://arxiv.org/pdf/2509.16870
locations[0].version	submittedVersion
locations[0].raw_type	text
locations[0].license_id
locations[0].is_accepted	False
locations[0].is_published	False
locations[0].raw_source_name
locations[0].landing_page_url	http://arxiv.org/abs/2509.16870
locations[1].id	doi:10.48550/arxiv.2509.16870
locations[1].is_oa	True
locations[1].source.id	https://openalex.org/S4306400194
locations[1].source.issn
locations[1].source.type	repository
locations[1].source.is_oa	True
locations[1].source.issn_l
locations[1].source.is_core	False
locations[1].source.is_in_doaj	False
locations[1].source.display_name	arXiv (Cornell University)
locations[1].source.host_organization	https://openalex.org/I205783295
locations[1].source.host_organization_name	Cornell University
locations[1].source.host_organization_lineage	https://openalex.org/I205783295
locations[1].license	cc-by
locations[1].pdf_url
locations[1].version
locations[1].raw_type	article
locations[1].license_id	https://openalex.org/licenses/cc-by
locations[1].is_accepted	False
locations[1].is_published
locations[1].raw_source_name
locations[1].landing_page_url	https://doi.org/10.48550/arxiv.2509.16870
indexed_in	arxiv, datacite
authorships[0].author.id	https://openalex.org/A5039983188
authorships[0].author.orcid	https://orcid.org/0000-0002-3209-0456
authorships[0].author.display_name	Rui Yang
authorships[0].author_position	first
authorships[0].raw_author_name	Yang, Rui
authorships[0].is_corresponding	False
authorships[1].author.id	https://openalex.org/A5102710465
authorships[1].author.orcid	https://orcid.org/0000-0001-7211-3491
authorships[1].author.display_name	Michael C. Fu
authorships[1].author_position	middle
authorships[1].raw_author_name	Fu, Michael
authorships[1].is_corresponding	False
authorships[2].author.id	https://openalex.org/A5081449581
authorships[2].author.orcid	https://orcid.org/0000-0002-5516-9984
authorships[2].author.display_name	Chakkrit Tantithamthavorn
authorships[2].author_position	middle
authorships[2].raw_author_name	Tantithamthavorn, Chakkrit
authorships[2].is_corresponding	False
authorships[3].author.id	https://openalex.org/A5019739552
authorships[3].author.orcid	https://orcid.org/0000-0003-1466-7386
authorships[3].author.display_name	Chetan Arora
authorships[3].author_position	middle
authorships[3].raw_author_name	Arora, Chetan
authorships[3].is_corresponding	False
authorships[4].author.id	https://openalex.org/A5119812678
authorships[4].author.orcid
authorships[4].author.display_name	Gunel Gulmammadova
authorships[4].author_position	middle
authorships[4].raw_author_name	Gulmammadova, Gunel
authorships[4].is_corresponding	False
authorships[5].author.id	https://openalex.org/A5116748729
authorships[5].author.orcid
authorships[5].author.display_name	Joey Chua
authorships[5].author_position	last
authorships[5].raw_author_name	Chua, Joey
authorships[5].is_corresponding	False
has_content.pdf	False
has_content.grobid_xml	False
is_paratext	False
open_access.is_oa	True
open_access.oa_url	https://arxiv.org/pdf/2509.16870
open_access.oa_status	green
open_access.any_repository_has_fulltext	False
created_date	2025-10-16T00:00:00
display_name	DecipherGuard: Understanding and Deciphering Jailbreak Prompts for a Safer Deployment of Intelligent Software Systems
has_fulltext	False
is_retracted	False
updated_date	2025-11-06T06:51:31.235846
primary_topic.id	https://openalex.org/T10734
primary_topic.field.id	https://openalex.org/fields/17
primary_topic.field.display_name	Computer Science
primary_topic.score	0.986299991607666
primary_topic.domain.id	https://openalex.org/domains/3
primary_topic.domain.display_name	Physical Sciences
primary_topic.subfield.id	https://openalex.org/subfields/1710
primary_topic.subfield.display_name	Information Systems
primary_topic.display_name	Information and Cyber Security
cited_by_count	0
locations_count	2
best_oa_location.id	pmh:oai:arXiv.org:2509.16870
best_oa_location.is_oa	True
best_oa_location.source.id	https://openalex.org/S4306400194
best_oa_location.source.issn
best_oa_location.source.type	repository
best_oa_location.source.is_oa	True
best_oa_location.source.issn_l
best_oa_location.source.is_core	False
best_oa_location.source.is_in_doaj	False
best_oa_location.source.display_name	arXiv (Cornell University)
best_oa_location.source.host_organization	https://openalex.org/I205783295
best_oa_location.source.host_organization_name	Cornell University
best_oa_location.source.host_organization_lineage	https://openalex.org/I205783295
best_oa_location.license
best_oa_location.pdf_url	https://arxiv.org/pdf/2509.16870
best_oa_location.version	submittedVersion
best_oa_location.raw_type	text
best_oa_location.license_id
best_oa_location.is_accepted	False
best_oa_location.is_published	False
best_oa_location.raw_source_name
best_oa_location.landing_page_url	http://arxiv.org/abs/2509.16870
primary_location.id	pmh:oai:arXiv.org:2509.16870
primary_location.is_oa	True
primary_location.source.id	https://openalex.org/S4306400194
primary_location.source.issn
primary_location.source.type	repository
primary_location.source.is_oa	True
primary_location.source.issn_l
primary_location.source.is_core	False
primary_location.source.is_in_doaj	False
primary_location.source.display_name	arXiv (Cornell University)
primary_location.source.host_organization	https://openalex.org/I205783295
primary_location.source.host_organization_name	Cornell University
primary_location.source.host_organization_lineage	https://openalex.org/I205783295
primary_location.license
primary_location.pdf_url	https://arxiv.org/pdf/2509.16870
primary_location.version	submittedVersion
primary_location.raw_type	text
primary_location.license_id
primary_location.is_accepted	False
primary_location.is_published	False
primary_location.raw_source_name
primary_location.landing_page_url	http://arxiv.org/abs/2509.16870
publication_date	2025-09-21
publication_year	2025
referenced_works_count	0
abstract_inverted_index.a	33, 42, 66, 86, 91, 99
abstract_inverted_index.In	80
abstract_inverted_index.an	23, 28
abstract_inverted_index.at	49
abstract_inverted_index.by	4, 121, 130
abstract_inverted_index.in	12, 149
abstract_inverted_index.of	45, 72, 147
abstract_inverted_index.on	112
abstract_inverted_index.to	40, 94, 103, 123, 132, 135
abstract_inverted_index.we	83
abstract_inverted_index.20%	131
abstract_inverted_index.24%	73
abstract_inverted_index.36%	122
abstract_inverted_index.50%	133
abstract_inverted_index.65%	124
abstract_inverted_index.DSR	120
abstract_inverted_index.and	76, 98, 125, 137
abstract_inverted_index.are	9
abstract_inverted_index.how	39
abstract_inverted_index.our	63
abstract_inverted_index.the	53, 145
abstract_inverted_index.two	138
abstract_inverted_index.Rate	69
abstract_inverted_index.drop	71
abstract_inverted_index.over	113
abstract_inverted_index.that	89, 117
abstract_inverted_index.this	81
abstract_inverted_index.when	26
abstract_inverted_index.(DSR)	70
abstract_inverted_index.(OGP)	129
abstract_inverted_index.Large	5
abstract_inverted_index.These	142
abstract_inverted_index.While	51
abstract_inverted_index.about	17
abstract_inverted_index.layer	93
abstract_inverted_index.novel	87
abstract_inverted_index.other	139
abstract_inverted_index.safer	43
abstract_inverted_index.study	64
abstract_inverted_index.their	18
abstract_inverted_index.under	74
abstract_inverted_index.(LLMs)	8
abstract_inverted_index.22,000	114
abstract_inverted_index.Models	7
abstract_inverted_index.during	20, 157
abstract_inverted_index.offers	58
abstract_inverted_index.paper,	82
abstract_inverted_index.safety	19
abstract_inverted_index.unsafe	61
abstract_inverted_index.Defense	67
abstract_inverted_index.Overall	126
abstract_inverted_index.Success	68
abstract_inverted_index.Through	22
abstract_inverted_index.against	60, 107, 154
abstract_inverted_index.attacks	156
abstract_inverted_index.counter	95
abstract_inverted_index.current	54
abstract_inverted_index.enhance	41, 104
abstract_inverted_index.inputs,	62
abstract_inverted_index.powered	3
abstract_inverted_index.prompts	97, 115
abstract_inverted_index.propose	84
abstract_inverted_index.raising	15
abstract_inverted_index.results	143
abstract_inverted_index.reveals	65
abstract_inverted_index.runtime	56, 140
abstract_inverted_index.systems	2, 48, 153
abstract_inverted_index.virtual	30
abstract_inverted_index.Language	6
abstract_inverted_index.attacks.	79, 109
abstract_inverted_index.compared	134
abstract_inverted_index.concerns	16
abstract_inverted_index.critical	13, 34
abstract_inverted_index.customer	31
abstract_inverted_index.deployed	11
abstract_inverted_index.emerged:	38
abstract_inverted_index.improves	119
abstract_inverted_index.low-rank	100
abstract_inverted_index.runtime.	21, 158
abstract_inverted_index.runtime?	50
abstract_inverted_index.sectors,	14
abstract_inverted_index.software	1, 35, 47, 152
abstract_inverted_index.Empirical	110
abstract_inverted_index.Guardrail	127
abstract_inverted_index.challenge	37
abstract_inverted_index.defending	150
abstract_inverted_index.deploying	27
abstract_inverted_index.framework	88
abstract_inverted_index.guardrail	105
abstract_inverted_index.highlight	144
abstract_inverted_index.jailbreak	78, 155
abstract_inverted_index.mechanism	102
abstract_inverted_index.LlamaGuard	136
abstract_inverted_index.adaptation	101
abstract_inverted_index.assistant,	32
abstract_inverted_index.deployment	44
abstract_inverted_index.evaluation	111
abstract_inverted_index.guardrail,	57
abstract_inverted_index.integrates	90
abstract_inverted_index.protection	59
abstract_inverted_index.Intelligent	0
abstract_inverted_index.LLM-powered	29, 46, 151
abstract_inverted_index.LlamaGuard,	52
abstract_inverted_index.Performance	128
abstract_inverted_index.deciphering	92
abstract_inverted_index.engineering	36
abstract_inverted_index.guardrails.	141
abstract_inverted_index.demonstrates	116
abstract_inverted_index.increasingly	10
abstract_inverted_index.obfuscation-	75
abstract_inverted_index.DecipherGuard	118, 148
abstract_inverted_index.collaboration	25
abstract_inverted_index.effectiveness	106, 146
abstract_inverted_index.DecipherGuard,	85
abstract_inverted_index.template-based	77, 108
abstract_inverted_index.state-of-the-art	55
abstract_inverted_index.industry-academic	24
abstract_inverted_index.obfuscation-based	96
cited_by_percentile_year
countries_distinct_count	0
institutions_distinct_count	6
citation_normalized_percentile