disreGUARD
@disreguard.com
AI security research lab focused on building infrastructure and patterns to defend against prompt injection
from cofounders of `npm audit` and Code4rena
disreguard.com
from cofounders of `npm audit` and Code4rena
disreguard.com
There is no silver bullet for prompt injection, but `sig` addresses one of the most tricky challenges:
LLMs are dealing with a wall of text. Distinctions between trusted instructions and untrusted text are flimsy at best.
By involving the model, we can add texture to make trust boundaries clearer.
LLMs are dealing with a wall of text. Distinctions between trusted instructions and untrusted text are flimsy at best.
By involving the model, we can add texture to make trust boundaries clearer.
February 10, 2026 at 12:16 AM
There is no silver bullet for prompt injection, but `sig` addresses one of the most tricky challenges:
LLMs are dealing with a wall of text. Distinctions between trusted instructions and untrusted text are flimsy at best.
By involving the model, we can add texture to make trust boundaries clearer.
LLMs are dealing with a wall of text. Distinctions between trusted instructions and untrusted text are flimsy at best.
By involving the model, we can add texture to make trust boundaries clearer.
`sig` is a simple tool. The concept works like this:
- sign genuine system and user instructions
- require mutations to system prompts to be signed
- give model a tool to verify instructions are genuine
- gate critical tool usage on the model calling verify()
- sign genuine system and user instructions
- require mutations to system prompts to be signed
- give model a tool to verify instructions are genuine
- gate critical tool usage on the model calling verify()
February 10, 2026 at 12:16 AM
`sig` is a simple tool. The concept works like this:
- sign genuine system and user instructions
- require mutations to system prompts to be signed
- give model a tool to verify instructions are genuine
- gate critical tool usage on the model calling verify()
- sign genuine system and user instructions
- require mutations to system prompts to be signed
- give model a tool to verify instructions are genuine
- gate critical tool usage on the model calling verify()
Can we give an agent a tool to check which instructions it should actually follow?
And if we do, can we make sure it uses it?
Yes, and yes.
disreguard.com/blog/posts/s...
And if we do, can we make sure it uses it?
Yes, and yes.
disreguard.com/blog/posts/s...
sig: instruction signing for prompt injection defense
We can create a clear trust boundary by signing instructions and giving models a tool to participate in making secure choices
disreguard.com
February 9, 2026 at 11:54 PM
Can we give an agent a tool to check which instructions it should actually follow?
And if we do, can we make sure it uses it?
Yes, and yes.
disreguard.com/blog/posts/s...
And if we do, can we make sure it uses it?
Yes, and yes.
disreguard.com/blog/posts/s...
Reposted by disreGUARD
For the last year, I've been heads down working on building infrastructure to better defend against prompt injection.
@disreguard.com is a security research lab focused on tools and methods for ergonomic approaches for the rigorous defense-in-depth needed for agents.
disreguard.com/blog/posts/p...
@disreguard.com is a security research lab focused on tools and methods for ergonomic approaches for the rigorous defense-in-depth needed for agents.
disreguard.com/blog/posts/p...
Injection is inevitable. Disaster is optional.
Prompt injection is an infrastructure problem. We can't prevent it, but we can massively reduce the risk and impact.
disreguard.com
February 9, 2026 at 11:50 PM
For the last year, I've been heads down working on building infrastructure to better defend against prompt injection.
@disreguard.com is a security research lab focused on tools and methods for ergonomic approaches for the rigorous defense-in-depth needed for agents.
disreguard.com/blog/posts/p...
@disreguard.com is a security research lab focused on tools and methods for ergonomic approaches for the rigorous defense-in-depth needed for agents.
disreguard.com/blog/posts/p...