pith. sign in

arxiv: 2502.11448 · v2 · pith:46VWUD6Znew · submitted 2025-02-17 · 💻 cs.AI

AGrail: A Lifelong Agent Guardrail with Effective and Adaptive Safety Detection

classification 💻 cs.AI
keywords risksagentsafetyagentsagrailadaptivecheckdemonstrate
0
0 comments X
read the original abstract

The rapid advancements in Large Language Models (LLMs) have enabled their deployment as autonomous agents for handling complex tasks in dynamic environments. These LLMs demonstrate strong problem-solving capabilities and adaptability to multifaceted scenarios. However, their use as agents also introduces significant risks, including task-specific risks, which are identified by the agent administrator based on the specific task requirements and constraints, and systemic risks, which stem from vulnerabilities in their design or interactions, potentially compromising confidentiality, integrity, or availability (CIA) of information and triggering security risks. Existing defense agencies fail to adaptively and effectively mitigate these risks. In this paper, we propose AGrail, a lifelong agent guardrail to enhance LLM agent safety, which features adaptive safety check generation, effective safety check optimization, and tool compatibility and flexibility. Extensive experiments demonstrate that AGrail not only achieves strong performance against task-specific and system risks but also exhibits transferability across different LLM agents' tasks.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 7 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Do Enterprise Systems Need Learned World Models? The Importance of Context to Infer Dynamics

    cs.AI 2026-05 unverdicted novelty 6.0

    In configurable enterprise systems, runtime discovery of transition dynamics from system configuration is more robust to deployment shifts than offline-trained world models.

  2. Owner-Harm: A Missing Threat Model for AI Agent Safety

    cs.CR 2026-04 unverdicted novelty 6.0

    Owner-Harm is a new threat model with eight categories of agent behavior that harms the deployer, and existing defenses achieve only 14.8% true positive rate on injection-based owner-harm tasks versus 100% on generic ...

  3. PROJECTMEM: A Local-First, Event-Sourced Memory and Judgment Layer for AI Coding Agents

    cs.AI 2026-06 conditional novelty 5.0

    ProjectMem implements a local event-sourced memory and judgment layer for AI coding agents that logs typed events, projects them to MCP summaries, and applies deterministic pre-action gates to avoid known failures.

  4. ADR: An Agentic Detection System for Enterprise Agentic AI Security

    cs.AI 2026-05 unverdicted novelty 5.0

    ADR is a three-component detection system for AI agents that combines telemetry sensors, red teaming, and two-tier detection, achieving 97.2% precision in a ten-month Uber deployment and outperforming baselines on the...

  5. SafeHarbor: Hierarchical Memory-Augmented Guardrail for LLM Agent Safety

    cs.CR 2026-05 unverdicted novelty 5.0

    SafeHarbor introduces a hierarchical memory-augmented guardrail with adversarial rule extraction and entropy-driven self-evolution to balance safety and utility in LLM agents.

  6. SafeHarbor: Hierarchical Memory-Augmented Guardrail for LLM Agent Safety

    cs.CR 2026-05 unverdicted novelty 5.0

    SafeHarbor uses hierarchical memory with adversarial rule extraction and entropy-driven self-evolution to achieve over 93% refusal on harmful requests while reaching 63.6% benign utility on GPT-4o.

  7. Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol via Prompt Injection

    cs.CR 2026-01 unverdicted novelty 5.0

    Red-teaming of the Agent Payments Protocol reveals vulnerabilities to direct and indirect prompt injection, with Branded Whisper and Vault Whisper attacks enabling product ranking manipulation and sensitive data extraction.