Prompt Injection Defence Atlas (PIDA) is a curated markdown taxonomy of defences against prompt injection attacks. It organizes papers, tools, benchmarks, and attack references into an Obsidian-style graph. The aim of PIDA is to maintain a structured, evidence-backed map of prompt injection defences: what each technique does, how it relates to neighboring ideas, and what evaluation evidence supports it.
The taxonomy root is Overview.md. The taxonomy structure is described in Taxonomy Conventions.md.
Explore the live graph (created using werew/scrymap).
- Overview.md - root taxonomy node with the top-level defence families and cross-category evaluation highlights
- Top-level technique folders - category trees such as
Architectural Isolation/,Detection/, etc.. these might change in future - Sources/ - source notes for defence papers, attacks, benchmarks, reviews, and tools
- Taxonomy Conventions.md - the authoritative rules for node structure, citations, relationships, and evaluation propagation
The taxonomy is big and deeply interconnected. The best way to navigate it is using scrymap and apply filters to create dedicated views. You can use the live instance here or run it locally:
cd scrymap/ && npm run dev -- <path to pida>Obsidian is also a good alternative.
While exploring the taxonomy:
- Start at Overview.md.
- Follow
down::links from broad categories into narrower technique nodes and then into source notes. - Treat category nodes as concept summaries, and source nodes as short reading notes tied to specific papers, tools, benchmarks, or attacks.
- Use Taxonomy Conventions.md to understand what relationships such as
improves-on::,embeds::,evaluates::, andevaluated-on::mean. - Read evaluation tables as compact evidence summaries, not as exhaustive reproductions of every result in every descendant node.
Warning
Much of this repository is AI-assisted and many source notes are AI-generated summaries. Use the taxonomy as a navigation and synthesis aid, not as the final authority. Always consult the original paper, benchmark, tool documentation, or project page before relying on a claim, number, or interpretation.
Pull requests enriching or adjusting the content of the taxonomy are always welcome.
When editing the repository:
- keep
Overview.mdas the graph root - use Taxonomy Conventions.md as the source of truth for how the taxonomy is organized
- update parent nodes and relationships when you rename or move taxonomy files
- preserve the evaluation tables instead of appending uncontrolled duplicates
- run
python validate_graph.pyfrom the repo root after changes
/ingest <path-or-url>- add a new paper, tool, benchmark, attack, or review to the taxonomy. Use this when you want the repository to acquire the source, create or enrich the reading note, place it in the taxonomy, and propagate evaluation data upward./review_taxonomy- audit and repair the taxonomy. Use this when you want to check for structural issues, broken or misplaced citations, missing relationships, and convention violations across the graph.