Large language models (LLMs) often fail to robustly distinguish among multiple input roles—e.g., system instructions, user queries, and tool outputs—relying instead on superficial heuristics (e.g., task type or token position) rather than genuine semantic role boundaries. Method: The authors first systematically identify and formalize two classes of implicit shortcuts undermining role separation, then propose a mechanism-level intervention: position-ID modulation, which remaps positional encodings to strengthen role-boundary-invariant signals—going beyond data-augmentation-based fixes. Contribution/Results: Evaluated within a controlled experimental framework featuring token-wise encoding control and fine-grained assessment protocols, the method significantly reduces reliance on spurious cues. It improves role-discrimination accuracy, cross-task generalization, and robustness against prompt injection attacks across diverse LLMs.

Large language models (LLMs) that integrate multiple input roles (e.g., system instructions, user queries, external tool outputs) are increasingly prevalent in practice. Ensuring that the model accurately distinguishes messages from each role -- a concept we call emph{role separation} -- is crucial for consistent multi-role behavior. Although recent work often targets state-of-the-art prompt injection defenses, it remains unclear whether such methods truly teach LLMs to differentiate roles or merely memorize known triggers. In this paper, we examine emph{role-separation learning}: the process of teaching LLMs to robustly distinguish system and user tokens. Through a emph{simple, controlled experimental framework}, we find that fine-tuned models often rely on two proxies for role identification: (1) task type exploitation, and (2) proximity to begin-of-text. Although data augmentation can partially mitigate these shortcuts, it generally leads to iterative patching rather than a deeper fix. To address this, we propose reinforcing emph{invariant signals} that mark role boundaries by adjusting token-wise cues in the model's input encoding. In particular, manipulating position IDs helps the model learn clearer distinctions and reduces reliance on superficial proxies. By focusing on this mechanism-centered perspective, our work illuminates how LLMs can more reliably maintain consistent multi-role behavior without merely memorizing known prompts or triggers.