Cognitive Firewall: A Proactive, Zero-Trust, Multi-Gate Framework for LLM Safety

📅 2026-07-01
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the critical gap in runtime defenses of current large language models against cross-turn, fragmented, or obfuscated harmful requests. The authors propose an active safety framework that interposes an independent supervisory model between the user and the target model, introducing a novel four-gate mechanism integrating intent recognition, zero-trust context evaluation, cross-turn consistency verification, and output risk assessment. Instead of conventional score averaging, the framework employs a risk signal escalation strategy to enable auditable, real-time interception. Evaluated on four established jailbreaking benchmarks and a benign test set, the approach reduces success rates of three attack categories to below 2%, suppresses the strongest human-crafted attacks to 14%, and maintains a low over-blocking rate of only 8%.
📝 Abstract
Large language models (LLMs) can be induced to produce harmful content through multi turn strategies in which no single user message appears clearly unsafe. Existing runtime safeguards commonly evaluate prompts or responses as isolated messages, which limits their ability to recover ac-cumulated intent, verify asserted authority, or detect harmful objectives decomposed across a dialogue. This paper presents the Cognitive Firewall, a proactive runtime oversight framework that interposes an independent oversight model between a user and a protected target mod l. The framework decomposes safety assessment into four categorical gates: an intent gate that identi-fies the operational objective of a request, a zero trust context gate that treats claimed roles and permissions as unverified evidence, a consistency gate that detects escalation and decomposition across turns, and an output risk gate that inspects candidate responses before release. Gate decisions are combined through escalation rather than score averaging, allowing any confident danger signal to block an interaction while preserving an auditable rationale. Experiments on four jailbreak benchmarks and a benign safety test set show that the Cognitive Firewall substantially reduces attack success across single turn, multi turn, authority based, and human crafted attacks. It lowers attack success to 2 percent or below on three attack sets and to 14 percent on the most difficult human crafted set, while maintaining an 8 percent over refusal rate. These results indicate that decomposed, conversation level oversight can improve proactive containment and auditability for LLM safety.
Problem

Research questions and friction points this paper is trying to address.

LLM safety
multi-turn jailbreak
runtime safeguards
harmful content detection
zero-trust
Innovation

Methods, ideas, or system contributions that make the work stand out.

Cognitive Firewall
zero-trust
multi-gate framework
LLM safety
proactive oversight