pith. machine review for the scientific record.

arxiv: 2604.15367 · v2 · submitted 2026-04-15 · 💻 cs.CR · cs.MA

Recognition: unknown

SoK: Security of Autonomous LLM Agents in Agentic Commerce

Pith reviewed 2026-05-10 13:52 UTC · model grok-4.3

classification 💻 cs.CR cs.MA
keywords LLM agents · agentic commerce · security framework · cross-layer attacks · autonomous agents · SoK · transaction security · regulatory compliance

The pith

Securing autonomous LLM agents in commerce requires coordinated controls across LLM safety, protocol design, identity, market structure, and regulation.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper systematizes security risks for large language model agents that autonomously negotiate, purchase, manage assets, and transact in commerce and finance. It groups threats into five dimensions and extracts twelve cross-layer attack vectors from a broad review of papers, protocols, reports, and incidents, showing how issues in an agent's reasoning or tools can reach custody problems, market harm, and regulatory violations. Current payment protocols for agents leave gaps in authorization and trust that allow these propagations. The work proposes a layered defense structure to coordinate responses across the dimensions. This framing implies that isolated fixes in any single area will leave agent-based systems exposed as they scale.

Core claim

A unified security framework organizes threats along five dimensions: agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance. From a curated corpus of academic papers, protocol documents, industry reports, and incident evidence, the analysis derives twelve cross-layer attack vectors that demonstrate propagation from reasoning and tooling layers into custody, settlement, market harm, and compliance exposure. A layered defense architecture is outlined to close authorization gaps in existing agent-payment protocols. The overall result establishes that securing agentic commerce is inherently a cross-layer problem requiring coordinated action

What carries the argument

The five-dimensional threat model combined with the twelve cross-layer attack vectors extracted from the reviewed corpus of papers, protocols, reports, and incidents.

Load-bearing premise

The systematically gathered collection of papers, protocol documents, industry reports, and incident evidence is complete and representative enough to produce a stable set of twelve cross-layer attack vectors.

What would settle it

A documented real-world incident or new protocol in which an autonomous LLM agent suffers a security failure that cannot be classified under any of the twelve attack vectors and does not propagate across the five threat dimensions.

Figures

Figures reproduced from arXiv: 2604.15367 by Cong Ma, Jiaqi Yan, Jiaxin Wang, Li Zhu, Qian'ang Mao, Ya Liu.

Figure 1: Five-dimensional threat taxonomy for autonomous financial

Original abstract

Autonomous large language model (LLM) agents such as OpenClaw are pushing agentic commerce from human-supervised assistance toward machine actors that can negotiate, purchase services, manage digital assets, and execute transactions across on-chain and off-chain environments. Protocols such as the Trustless Agents standard (ERC-8004), Agent Payments Protocol (AP2), OKX Agent Payments Protocol (APP), the HTTP 402-based payment protocol (x402), Agent Commerce Protocol (ACP), the Agentic Commerce standard (ERC-8183), and Machine Payments Protocol (MPP) enable this transition, but they also create an attack surface that existing security frameworks do not capture well. This Systematization of Knowledge (SoK) develops a unified security framework for autonomous LLM agents in commerce and finance. We organize threats along five dimensions: agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance. From a systematically curated public corpus of academic papers, protocol documents, industry reports, and incident evidence, we derive 12 cross-layer attack vectors and show how failures propagate from reasoning and tooling layers into custody, settlement, market harm, and compliance exposure. We then propose a layered defense architecture addressing authorization gaps left by current agent-payment protocols. Overall, our analysis shows that securing agentic commerce is inherently a cross-layer problem that requires coordinated controls across LLM safety, protocol design, identity, market structure, and regulation. We conclude with a research roadmap and a benchmark agenda for secure autonomous commerce.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. This SoK paper develops a unified security framework for autonomous LLM agents in agentic commerce. It organizes threats along five dimensions (agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance), derives 12 cross-layer attack vectors from a systematically curated corpus of academic papers, protocol documents (e.g., ERC-8004, AP2, x402, ACP, ERC-8183, MPP), industry reports, and incidents, demonstrates propagation from reasoning/tooling layers into custody/settlement/market harm and compliance exposure, proposes a layered defense architecture to address authorization gaps, and concludes that securing agentic commerce is inherently cross-layer, requiring coordinated controls across LLM safety, protocol design, identity, market structure, and regulation, along with a research roadmap and benchmark agenda.

Significance. If the derivation of the 12 vectors holds and the cross-layer propagation analysis is representative, the work would offer a timely systematization for an emerging domain where LLM agents are transitioning to autonomous commercial actors. It usefully highlights gaps in existing agent-payment protocols and provides a research roadmap that could help prioritize efforts in multi-layer security for agentic systems.

major comments (1)
  1. [Methods / Corpus Curation] The methods description of corpus curation (referenced in the abstract as 'systematically curated public corpus' and used to derive the exact count of 12 vectors across the five dimensions): without explicit search strings, inclusion/exclusion criteria, database sources, or sensitivity analysis, it is impossible to evaluate whether the corpus is exhaustive or biased toward early-stage protocols. This directly affects the stability of the 12-vector set and the central claim that failures inherently propagate across the claimed layers, as an overlooked protocol or incident could alter the vector count or require additional dimensions.
minor comments (2)
  1. [Abstract] The abstract introduces 'OpenClaw' as an example agent without a brief definition or citation; adding one sentence of context would improve accessibility for readers new to specific LLM agent implementations.
  2. [Threat Dimensions] The five dimensions are listed clearly, but the mapping of the 12 vectors to these dimensions (and to specific protocols) would benefit from a summary table for quick reference.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive and positive assessment of our SoK paper. The feedback on corpus curation methods is well-taken and highlights an area where greater transparency will strengthen the work. We address the comment below and will revise the manuscript accordingly.

Point-by-point responses
  1. Referee: [Methods / Corpus Curation] The methods description of corpus curation (referenced in the abstract as 'systematically curated public corpus' and used to derive the exact count of 12 vectors across the five dimensions): without explicit search strings, inclusion/exclusion criteria, database sources, or sensitivity analysis, it is impossible to evaluate whether the corpus is exhaustive or biased toward early-stage protocols. This directly affects the stability of the 12-vector set and the central claim that failures inherently propagate across the claimed layers, as an overlooked protocol or incident could alter the vector count or require additional dimensions.

    Authors: We agree that the current manuscript lacks sufficient methodological detail on corpus curation, which limits reproducibility and makes it harder to assess potential bias or exhaustiveness. The abstract and text refer to a 'systematically curated public corpus' of academic papers, protocol documents (ERC-8004, AP2, x402, ACP, ERC-8183, MPP), industry reports, and incidents, but do not list explicit search strings, inclusion/exclusion criteria, database sources, or sensitivity analysis. In the revised version we will add a dedicated 'Corpus Curation' subsection that specifies: search strings (e.g., 'LLM agent security' OR 'autonomous agent commerce' AND 'threat' OR 'attack vector'); sources (arXiv, Google Scholar, EIP GitHub, selected industry reports 2023–2024); inclusion criteria (works addressing autonomous LLM agents in commercial/financial settings with concrete threat or protocol content); exclusion criteria (non-autonomous agents, purely theoretical papers without practical vectors, non-commercial use cases); and a sensitivity analysis showing that incorporation of additional recent protocols or incidents does not alter the five dimensions or the set of 12 vectors. This revision will not change the core findings or the cross-layer propagation analysis, which remains grounded in the concrete examples drawn from the existing corpus. We believe the added transparency will address the concern without requiring expansion of the threat model itself. revision: yes

Circularity Check

0 steps flagged

No circularity: derivation from external curated corpus

The paper is a Systematization of Knowledge that organizes threats into five dimensions and derives 12 cross-layer attack vectors explicitly from a public corpus of academic papers, protocol documents (ERC-8004, AP2, x402, ACP, ERC-8183, MPP), industry reports, and incident evidence. No equations, fitted parameters, self-definitional constructs, or load-bearing self-citations reduce any claim to the paper's own inputs by construction. The cross-layer propagation argument follows from mapping external evidence rather than renaming or predicting quantities defined internally. This is self-contained against external benchmarks and receives the default non-circularity finding.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

This is a systematization-of-knowledge paper whose central contribution is an organizing framework rather than new empirical data or derivations; it therefore rests on the assumption that the chosen literature corpus adequately represents the threat space.

axioms (1)
  • domain assumption The selected corpus of academic papers, protocol documents, industry reports, and incident evidence is representative of the current threat landscape in agentic commerce.
    Invoked when the authors derive the 12 attack vectors and the five threat dimensions from the corpus.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents

    cs.CR 2026-05 unverdicted novelty 5.0

    MolTrust deploys a W3C VC+DID trust infrastructure for AI agents with kernel-layer authorization, cross-protocol interoperability, and layered Sybil resistance, operational since March 2026 across eight verticals.
