Prompt injection and jailbreaking attacks pose persistent security challenges to large language model (LLM)-based systems. We present PromptScreen, an efficient and systematically evaluated defense architecture that mitigates these threats through a lightweight, multi-stage pipeline. Its core component is a semantic filter based on text normalization, TF-IDF representations, and a Linear SVM classifier. Despite its simplicity, this module achieves 93.4% accuracy and 96.5% specificity on held-out data, substantially reducing attack throughput while incurring negligible computational overhead. Building on this efficient foundation, the full pipeline integrates complementary detection and mitigation mechanisms that operate at successive stages, providing strong robustness with minimal latency. In comparative experiments, our SVM-based configuration improves overall accuracy from 35.1% to 93.4% while reducing average time-to-completion from approximately 450 s to 47 s, yielding over 10 times lower latency than ShieldGemma. These results demonstrate that the proposed design simultaneously advances defensive precision and efficiency, addressing a core limitation of current model-based moderators. Evaluation across a curated corpus of over 30,000 labeled prompts, including benign, jailbreak, and application-layer injections, confirms that staged, resource-efficient defenses can robustly secure modern LLM-driven applications.

翻译：提示注入与越狱攻击对基于大语言模型（LLM）的系统构成了持续的安全挑战。本文提出PromptScreen，一种经过系统评估的高效防御架构，通过轻量级多阶段流水线缓解此类威胁。其核心组件是一个基于文本归一化、TF-IDF表示和线性支持向量机（SVM）分类器的语义过滤器。尽管设计简洁，该模块在预留测试数据上实现了93.4%的准确率和96.5%的特异性，在显著降低攻击吞吐量的同时仅带来可忽略的计算开销。在此高效基础上，完整流水线集成了在连续阶段运行的互补检测与缓解机制，以极低延迟提供强大的鲁棒性。对比实验中，我们基于SVM的配置将整体准确率从35.1%提升至93.4%，同时将平均完成时间从约450秒缩短至47秒，延迟较ShieldGemma降低超过10倍。这些结果表明，所提出的设计在提升防御精度与效率方面同步取得进展，解决了当前基于模型的审核系统的核心局限。通过对包含良性提示、越狱攻击及应用层注入在内的超过30,000条标注提示语料库进行评估，证实了分阶段、资源高效的防御方案能够为现代LLM驱动应用提供可靠安全保障。