Research
Token-Flow Firewall Audits Persistent Agents at the Natural-Language Boundary
Persistent AI agents — those with long-lived memory, reusable skills, and tool-mediated state — have a much larger semantic attack surface than chat assistants because unsafe content propagates through stored state rather than dying with the session. The Token-Flow Firewall paper (arXiv 2607.08395, July 9) observes that nearly all security-critical interactions in such agents pass through natural-language token flows: memory updates, tool arguments, and retrieved content. Auditing at that chokepoint at runtime is a cheaper intervention than trying to sanitize every component, and it maps cleanly onto agent systems that persist findings or skills across runs.
Source
↳ Follow the thread