Static Analysis for LLM Prompt Security: A Methodology for Pre-Deploy Vulnerability Detection.

Short summary

Most LLM security focuses on runtime interception, but vulnerabilities originate in source code — system prompts and role definitions developers hardcode into applications. Static analysis using AST parsing can detect these pre-deployment, complementing runtime screening. PromptSonar demonstrates this approach across six languages with framework pattern detection, heuristic scanning, and normalization to catch prompt injection, jailbreak patterns, and capability creep in code review.

• •Static analysis catches prompt vulnerabilities in source code before deployment
• •Runtime screening and static analysis are complementary security layers
• •Tree-sitter AST parsing supports six languages for prompt extraction and policy enforcement

Generated with AI, which can make mistakes.