# PromptGuard: Identity-First Zero Trust Access Control Architecture for Large Language Models

> PromptGuard proposes a new LLM security paradigm: identity-first access control, which shifts protection from "what you ask" to "who is asking" and enables dynamic, fine-grained capability boundary management through enterprise IAM integration.

- Board: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm)
- Published: 2026-06-05T03:45:22.000Z
- Last activity: 2026-06-05T03:48:30.251Z
- Popularity: 150.9
- Keywords: LLM security, zero trust architecture, identity and access management, IAM, prompt security, enterprise AI governance, access control, dynamic authorization
- Page link: https://www.zingnex.cn/en/forum/thread/promptguard-680024a1
- Canonical: https://www.zingnex.cn/forum/thread/promptguard-680024a1
- Markdown source: floors_fallback

---

## [Introduction] PromptGuard: Identity-First Zero Trust Access Control Architecture for LLMs

PromptGuard proposes a new LLM security paradigm: identity-first zero trust access control, which shifts protection from "what you ask" to "who is asking" and enables dynamic, fine-grained capability boundary management through enterprise IAM integration. The architecture addresses the flaws of existing content-filtering-based LLM security solutions. Its core innovations are a seven-layer architecture and a five-level trust framework, which together provide a compliant and efficient solution for enterprise AI governance.

## Background: Fundamental Flaws of Existing LLM Security Architectures

Current enterprise LLM security mechanisms rely on passive, after-the-fact content filtering, which has eight fatal weaknesses, including high false positive rates, difficulty preventing prompt injection, lack of context awareness (the filter cannot distinguish legitimate requests coming from different roles), missing insider threat management, incomplete audit trails and binary allow/deny decisions. These make it hard to meet enterprise compliance requirements such as SOX, SOC 2 and HIPAA.

## Core Innovations: Identity-First Paradigm and Seven-Layer Architecture

The core innovation of PromptGuard is the identity-first paradigm, which shifts the security focus from content to user identity. Its seven-layer architecture forms a closed loop:

1. Request Interception: the gateway captures LLM requests
2. Identity Identification: enterprise IAM systems are queried to obtain the user's identity and permissions
3. Trust Scoring: a dynamic trust score is computed from six dimensions, including role baseline and UEBA signals
4. Prompt Enhancement: role-customized system prompts are injected
5. Policy Execution: the enhanced request is sent to the LLM
6. Response Validation: the output is checked for compliance
7. Audit Logging: the interaction is recorded to a SIEM or audit log

## Five-Level Trust Framework and Capability Matrix

PromptGuard designs a five-level trust framework that maps roles to LLM capability boundaries:

| Trust Level | Score Range | Typical Users | Core Capabilities | Query Length Limit |
|---------|---------|---------|---------|-------------|
| L1 - Basic | 0-20 | Interns, new employees, outsourced staff | General Q&A, simple summarization | 200 characters |
| L2 - Business | 21-40 | Sales, admin, customer service | Document processing, market research, basic scripting | 500 characters |
| L3 - Technical | 41-60 | Senior developers, IT admins, team leads | Code generation, system architecture, security best practices | 1,500 characters |
| L4 - Management | 61-80 | Directors, legal counsel, executives | Regulatory interpretation, crisis management, strategic analysis | 3,000 characters |
| L5 - Security | 81-100 | CISO, penetration testers, incident response teams | Vulnerability research, red team support, forensic analysis | Unlimited |

This framework divides LLM capabilities into nine categories and applies the principle of least privilege to each trust level.
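The table above as an enforceable capability matrix, written here as an added example rather than PromptGuard's own code. The capability identifiers, the fail-closed handling of out-of-range scores, and the assumption that a higher level inherits the capabilities of the levels below it are mine, not the page's.

```python
# Added example (not PromptGuard's own code): the five-level trust framework
# as a capability matrix with query-length limits. Capability names are assumed.
from dataclasses import dataclass

# (level, low score, high score, capabilities added at this level, max query chars or None)
TRUST_LEVELS = [
    ("L1", 0, 20, {"general_qa", "simple_summary"}, 200),
    ("L2", 21, 40, {"document_processing", "market_research", "basic_scripting"}, 500),
    ("L3", 41, 60, {"code_generation", "system_architecture", "security_best_practices"}, 1500),
    ("L4", 61, 80, {"regulatory_interpretation", "crisis_management", "strategic_analysis"}, 3000),
    ("L5", 81, 100, {"vulnerability_research", "red_team_support", "forensic_analysis"}, None),
]

@dataclass(frozen=True)
class Decision:
    allowed: bool
    level: str
    reason: str

def trust_level(score: int) -> str:
    """Map a 0-100 score to its level; anything outside the scale fails closed to L1."""
    for level, lo, hi, _, _ in TRUST_LEVELS:
        if lo <= score <= hi:
            return level
    return "L1"

def allowed_capabilities(level: str) -> set:
    """Assumption: a level inherits every capability granted at lower levels."""
    caps = set()
    for lvl, _, _, lvl_caps, _ in TRUST_LEVELS:
        caps |= lvl_caps
        if lvl == level:
            break
    return caps

def query_limit(level: str):
    """Per-level query length limit; None means unlimited (L5)."""
    for lvl, _, _, _, limit in TRUST_LEVELS:
        if lvl == level:
            return limit
    return 200  # unknown level: most restrictive limit

def authorize(score: int, capability: str, query: str) -> Decision:
    """Deterministic gate: capability must be granted and query must fit the limit."""
    level = trust_level(score)
    if capability not in allowed_capabilities(level):
        return Decision(False, level, f"{capability} is not granted at {level}")
    limit = query_limit(level)
    if limit is not None and len(query) > limit:
        return Decision(False, level, f"query of {len(query)} chars exceeds {level} limit of {limit}")
    return Decision(True, level, "allowed")
```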

## Dynamic Trust Scoring and Hybrid Policy Architecture

Dynamic trust scoring supports real-time trust elevation. For example, when a developer handles an incident late at night, the system temporarily elevates the trust level based on signals such as the unusual time and device status, then automatically reverts it after the session ends. The hybrid policy architecture combines:

- Policy-as-Prompt: inject customized system prompts to handle complex scenarios flexibly
- Policy-as-Code: use OPA and Rego to implement deterministic hard constraints that guarantee the compliance baseline

The two complement each other to form defense in depth.
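The dynamic scoring and session-bound elevation described above, as an added example that is not PromptGuard's own code. The page names only role baseline and UEBA among the six dimensions; the remaining signals, their weights, the role baselines and the idea that an elevation is granted with an explicit expiry are assumptions.

```python
# Added example (not PromptGuard's own code): dynamic trust score built from a
# role baseline plus signal adjustments, with a temporary elevation that is
# dropped once its session TTL has passed. Weights and signal names are assumed.
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed role baselines, one per level of the five-level framework.
ROLE_BASELINE = {"intern": 10, "sales": 30, "senior_developer": 50, "director": 70, "ciso": 90}

# Assumed per-dimension adjustments; negative values are risk signals.
SIGNAL_WEIGHTS = {
    "device_managed": 5,     # device posture: corporate-managed device
    "mfa_verified": 5,       # authentication strength
    "off_hours": -10,        # time-of-day anomaly
    "new_location": -10,     # geolocation anomaly
    "ueba_anomaly": -20,     # UEBA flag: behaviour deviates from the user's baseline
}

@dataclass
class Session:
    role: str
    signals: Dict[str, bool]
    elevation: int = 0                      # temporary points granted for this session
    elevation_expires: Optional[float] = None  # epoch seconds; None = no elevation

def clamp(score: int) -> int:
    return max(0, min(100, score))

def base_score(role: str, signals: Dict[str, bool]) -> int:
    """Role baseline plus the weights of every active signal, clamped to 0-100."""
    score = ROLE_BASELINE.get(role, 0)  # unknown role: no baseline trust
    score += sum(w for name, w in SIGNAL_WEIGHTS.items() if signals.get(name))
    return clamp(score)

def grant_elevation(session: Session, points: int, now: float, ttl_seconds: float) -> None:
    """Temporary elevation (e.g. approved incident handling) with a hard expiry."""
    session.elevation = points
    session.elevation_expires = now + ttl_seconds

def effective_score(session: Session, now: float) -> int:
    """Score to use for authorization right now; an expired elevation is cleared."""
    score = base_score(session.role, session.signals)
    if session.elevation_expires is not None and now < session.elevation_expires:
        score += session.elevation
    else:
        session.elevation, session.elevation_expires = 0, None  # revert after session
    return clamp(score)
```

With the assumed weights, a senior developer on a managed device with MFA working off hours scores 50 (L3); a 15-point elevation moves the session to 65 (L4) until the TTL passes, after which the score reverts to 50.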

## Market Advantages and Implementation Effects

Compared to mainstream solutions (LiteLLM, Portkey, etc.), PromptGuard has four unique capabilities: real-time identity lookup at the network boundary, dynamic role-aware prompt conversion, a fine-grained trust classification framework, and enterprise SIEM integration with self-hosting support. Reported implementation effects: the false positive rate drops from about 20% to below 3%, which reduces wasted compute, and the design is highly compatible with existing IAM/SIEM ecosystems, lowering the adoption barrier.

## Conclusion: Paradigm Shift in LLM Security and Recommendations

PromptGuard represents a paradigm shift in the LLM security field, arguing that effective AI governance should be based on identifying and authorizing the requester rather than on filtering content. As enterprise AI applications deepen, this identity-first zero trust architecture will become an industry standard. Security architects and CISOs are advised to use this framework as a reference and deploy LLM security solutions that integrate with their existing infrastructure.
